
Windows Analysis Report
bUHMq54m6Q.exe

Overview

General Information

Sample name: bUHMq54m6Q.exe (renamed because the original name is a hash value)
Original sample name: 2cf4b5cf327757376e717ab5554b921b.exe
Analysis ID: 1437130
MD5: 2cf4b5cf327757376e717ab5554b921b
SHA1: 020751e48f382dbd25341228e0acf66818428b12
SHA256: a275c369ef53eba4655ca43244e230fd7b38e45dbf25fc0b614918a58b3d07a6
Tags: exe, RiseProStealer

Detection

RisePro Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Yara detected RisePro Stealer
Connects to many ports of the same IP (likely port scanning)
Contains functionality to inject threads in other processes
Found many strings related to Crypto-Wallets (likely being stolen)
Found stalling execution ending in API Sleep call
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • bUHMq54m6Q.exe (PID: 6556 cmdline: "C:\Users\user\Desktop\bUHMq54m6Q.exe" MD5: 2CF4B5CF327757376E717AB5554B921B)
    • schtasks.exe (PID: 3560 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 5412 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WerFault.exe (PID: 1836 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 1888 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • MPGPH131.exe (PID: 4896 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 2CF4B5CF327757376E717AB5554B921B)
    • WerFault.exe (PID: 5088 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 1148 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • MPGPH131.exe (PID: 2836 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 2CF4B5CF327757376E717AB5554B921B)
  • RageMP131.exe (PID: 3604 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 2CF4B5CF327757376E717AB5554B921B)
  • RageMP131.exe (PID: 5700 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 2CF4B5CF327757376E717AB5554B921B)
  • cleanup
No configs have been found
Yara matches on dropped files (Source / Rule / Description / Author):
  • C:\Users\user\AppData\Local\Temp\NoSoV6eJxRbhlNXMC2XnYgm.zip / JoeSecurity_RiseProStealer / Yara detected RisePro Stealer / Joe Security
  • C:\Users\user\AppData\Local\Temp\eK26yDxmyAbMrjg7CdmfOmj.zip / JoeSecurity_RiseProStealer / Yara detected RisePro Stealer / Joe Security

Yara matches on memory dumps (Source / Rule / Description / Author):
  • 00000000.00000003.2159759925.0000000005C56000.00000004.00000020.00020000.00000000.sdmp / JoeSecurity_RiseProStealer / Yara detected RisePro Stealer / Joe Security
  • 00000000.00000002.2276746268.000000000122E000.00000004.00000020.00020000.00000000.sdmp / JoeSecurity_RiseProStealer / Yara detected RisePro Stealer / Joe Security
  • 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmp / JoeSecurity_RiseProStealer / Yara detected RisePro Stealer / Joe Security
  • 00000006.00000002.2282419782.0000000005A70000.00000004.00000020.00020000.00000000.sdmp / JoeSecurity_RiseProStealer / Yara detected RisePro Stealer / Joe Security
  • 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmp / JoeSecurity_RiseProStealer / Yara detected RisePro Stealer / Joe Security

System Summary

Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\bUHMq54m6Q.exe, ProcessId: 6556, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RageMP131
Snort IDS alerts (Timestamp / SID / Source Port / Destination Port / Protocol / Classtype):
  • 05/07/24-01:32:16.104894 / 2046266 / 58709 / 49703 / TCP / A Network Trojan was detected
  • 05/07/24-01:32:30.432420 / 2046266 / 58709 / 49720 / TCP / A Network Trojan was detected
  • 05/07/24-01:32:13.660877 / 2046266 / 58709 / 49699 / TCP / A Network Trojan was detected
  • 05/07/24-01:32:13.858546 / 2046267 / 58709 / 49699 / TCP / A Network Trojan was detected
  • 05/07/24-01:32:16.124524 / 2046266 / 58709 / 49702 / TCP / A Network Trojan was detected
  • 05/07/24-01:32:13.477244 / 2049060 / 49699 / 58709 / TCP / A Network Trojan was detected
  • 05/07/24-01:32:19.524067 / 2046269 / 49699 / 58709 / TCP / A Network Trojan was detected
  • 05/07/24-01:32:39.555621 / 2046266 / 58709 / 49724 / TCP / A Network Trojan was detected

AV Detection

Source: http://147.45.47.102:57893/hera/amadka.exe; Avira URL Cloud: Label: malware
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Joe Sandbox ML: detected
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Joe Sandbox ML: detected
Source: bUHMq54m6Q.exe; Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_005D6A80 CryptUnprotectData,CryptUnprotectData,LocalFree,LocalFree,0_2_005D6A80
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function: 6_2_00FC6A80 CryptUnprotectData,CryptUnprotectData,LocalFree,LocalFree,6_2_00FC6A80
Source: bUHMq54m6Q.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown; HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49701 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49704 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_005F66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,0_2_005F66F0
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_005A3EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree,0_2_005A3EC0
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_005EFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_005EFE80
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_00541F9C FindClose,FindFirstFileExW,GetLastError,0_2_00541F9C
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_005D5F80 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,0_2_005D5F80
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_00542022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,0_2_00542022
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_005A3850 FindFirstFileA,FindNextFileA,GetLastError,FindClose,0_2_005A3850
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function: 6_2_00FE66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,6_2_00FE66F0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function: 6_2_00F93EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,6_2_00F93EC0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function: 6_2_00FDFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,6_2_00FDFE80
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function: 6_2_00F31F9C FindClose,FindFirstFileExW,GetLastError,6_2_00F31F9C
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function: 6_2_00FC5F80 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,6_2_00FC5F80
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function: 6_2_00F32022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,6_2_00F32022
Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function: 6_2_00F93850 FindFirstFileA,FindNextFileA,GetLastError,FindClose,6_2_00F93850

Networking

Source: Traffic; Snort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.6:49699 -> 147.45.47.126:58709
Source: Traffic; Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.126:58709 -> 192.168.2.6:49699
Source: Traffic; Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.126:58709 -> 192.168.2.6:49699
Source: Traffic; Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.126:58709 -> 192.168.2.6:49703
Source: Traffic; Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.126:58709 -> 192.168.2.6:49702
Source: Traffic; Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.6:49699 -> 147.45.47.126:58709
Source: Traffic; Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.126:58709 -> 192.168.2.6:49720
Source: Traffic; Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.126:58709 -> 192.168.2.6:49724
Source: global traffic; TCP traffic: 147.45.47.126 ports 0,5,7,8,58709,9
Source: global traffic; TCP traffic: 192.168.2.6:49699 -> 147.45.47.126:58709
Source: Joe Sandbox View; IP Address: 34.117.186.192
Source: Joe Sandbox View; IP Address: 147.45.47.126
Source: Joe Sandbox View; IP Address: 104.26.4.15
Source: Joe Sandbox View; ASN Name: FREE-NET-ASFREEnetEU
Source: Joe Sandbox View; JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown; DNS query: name: ipinfo.io
Source: global traffic; HTTP traffic detected: GET /widget/demo/156.146.37.102 HTTP/1.1 | Connection: Keep-Alive | Referer: https://ipinfo.io/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 | Host: ipinfo.io
Source: global traffic; HTTP traffic detected: GET /demo/home.php?s=156.146.37.102 HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 | Host: db-ip.com
Source: unknown; TCP traffic detected without corresponding DNS query: 147.45.47.126
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function: 0_2_005D8510 recv,WSAStartup,getaddrinfo,closesocket,socket,connect,closesocket,FreeAddrInfoW,WSACleanup,FreeAddrInfoW,0_2_005D8510
Source: global traffic; DNS traffic detected: DNS query: ipinfo.io
Source: global traffic; DNS traffic detected: DNS query: db-ip.com
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158405940.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe
Source: bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158405940.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe)=
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe68.0
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exeaO
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://193.23
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://193.233.132.56/cost/go.exe
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://193.233.132.56/cost/go.exe207
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://193.233.132.56/cost/go.exeServer
Source: bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://193.233.132.56/cost/go.exeTerracoin=
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://193.233.132.56/cost/go.exeWOUl-
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://193.233.132.56/cost/lenin.exe
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.micro
Source: Amcache.hve.10.dr; String found in binary or memory: http://upx.sf.net
Source: bUHMq54m6Q.exe, 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2086040857.0000000001180000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2114405302.0000000000C50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2277258884.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.2168458625.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2114630366.0000000001A50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2324438250.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000E.00000003.2255008440.0000000002A30000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2427181585.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 00000012.00000003.2337606735.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://www.winimage.com/zLibDll
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/
                Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102
                Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102D
                Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102LS
                Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102_i
                Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com:443/demo/home.php?s=156.146.37.102
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com:443/demo/home.php?s=156.146.37.102A
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: RageMP131.exe, 00000012.00000002.2429829682.0000000001180000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.0000000001172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
                Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000CF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/$E
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C9B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/Mozilla/5.0
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000129C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/e7
                Source: bUHMq54m6Q.exe, 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2086040857.0000000001180000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2114405302.0000000000C50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2277258884.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.2168458625.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2114630366.0000000001A50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2324438250.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000E.00000003.2255008440.0000000002A30000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2427181585.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 00000012.00000003.2337606735.0000000002BE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
                Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/o
                Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001C5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/t
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000126C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C6F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C9B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010AC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.0000000001190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/156.146.37.102
                Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/156.146.37.102=
                Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/156.146.37.102d
                Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/156.146.37.102p
                Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001C27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/x
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C9B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io:443/widget/demo/156.146.37.102
                Source: D87fZN3R3jFeplaces.sqlite.7.drString found in binary or memory: https://support.mozilla.org
                Source: D87fZN3R3jFeplaces.sqlite.7.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: D87fZN3R3jFeplaces.sqlite.7.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
                Source: bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C56000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000122E000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2282419782.0000000005A70000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C27000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.000000000105E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.0000000001147000.00000004.00000020.00020000.00000000.sdmp, NoSoV6eJxRbhlNXMC2XnYgm.zip.6.dr, eK26yDxmyAbMrjg7CdmfOmj.zip.0.drString found in binary or memory: https://t.me/RiseProSUPPORT
                Source: RageMP131.exe, 00000012.00000002.2429829682.0000000001147000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT2
                Source: MPGPH131.exe, 00000006.00000002.2282419782.0000000005A70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT=L
                Source: bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C56000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTBB~
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTP
                Source: RageMP131.exe, 0000000E.00000002.2325536566.000000000105E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTPROCESSOR_LEVEL=6PROCES
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000122E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTf
                Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000CBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTq3i
                Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.000000000121F000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.0.dr, passwords.txt.6.drString found in binary or memory: https://t.me/risepro_bot
                Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot7.102
                Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botPrim
                Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botisepro_bot_Aj
                Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botr5
                Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botrisep
                Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botrisepro
                Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botrisepro;O
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botz
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: bUHMq54m6Q.exe, MPGPH131.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                Source: 3b6N2Xdh3CYwplaces.sqlite.0.dr, D87fZN3R3jFeplaces.sqlite.0.dr, 3b6N2Xdh3CYwplaces.sqlite.7.dr, D87fZN3R3jFeplaces.sqlite.7.drString found in binary or memory: https://www.mozilla.org
                Source: D87fZN3R3jFeplaces.sqlite.7.drString found in binary or memory: https://www.mozilla.org#
                Source: D87fZN3R3jFeplaces.sqlite.7.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                Source: D87fZN3R3jFeplaces.sqlite.7.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                Source: D87fZN3R3jFeplaces.sqlite.7.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
                Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
                Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49700 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49701 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49705 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49704 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49706 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49707 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49722 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49723 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49725 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49726 version: TLS 1.2
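The memory strings above are the sample's network indicators, but the sandbox string scanner reports each URL together with whatever bytes happened to follow it in memory (")=", "207", "Server", a stray "D" or "A"), and the same resource appears both with and without an explicit ":443". Before these go into a blocklist or a hunt they need normalising. The Python below is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling: it parses rows in the shape of the "String found in binary or memory" and "HTTPS traffic detected" rows above (tolerating the fused "sdmpString found" rendering as well as a separated one), trims the trailing memory junk with two explicitly stated heuristics, and groups the result by host, port and path together with the processes and dropped files that referenced each. The sample rows are constructed copies of a handful of rows from this report; the cut-after-extension and cut-after-IP rules are the example's own assumptions and are meant to be reviewed, not trusted blindly.

```python
"""Normalise network IOCs out of Joe Sandbox 'String found in binary or memory'
rows and count TLS destinations from 'HTTPS traffic detected' rows.
Added example, not Joe Sandbox code; the cleaning rules are heuristics."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample rows, copied in shape from the report. The bytes after the
# real URL (")=", "68.0", "207", "Server", "D", "A", "2") are adjacent memory
# that the string scanner swept up, not part of the indicator.
SAMPLE_STRING_ROWS = [
    "Source: bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe)=",
    "Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe68.0",
    "Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/go.exe207",
    "Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/go.exeServer",
    "Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/lenin.exe",
    "Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102D",
    "Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com:443/demo/home.php?s=156.146.37.102A",
    "Source: RageMP131.exe, 00000012.00000002.2429829682.0000000001147000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORT2",
    "Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro",
]
SAMPLE_TLS_ROWS = [
    "Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49700 version: TLS 1.2",
    "Source: unknown | HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.6:49701 version: TLS 1.2",
    "Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49705 version: TLS 1.2",
]

# Accepts both the fused rendering ("...sdmpString found ...") and a separated one.
STRING_ROW_RE = re.compile(
    r"Source:\s*(?P<src>.*?)\s*\|?\s*String found in binary or memory:\s*(?P<s>\S+)")
TLS_ROW_RE = re.compile(
    r"HTTPS traffic detected:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*->")
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[^\s\"'<>()]*)?")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def clean_url(raw: str):
    """Trim trailing memory junk from a recovered URL.
    Heuristic 1: a path ending in a binary name is cut right after the extension.
    Heuristic 2: a '?s=<ip>' query is cut right after the IP.
    Anything else is left as recovered so it stays visible for manual review."""
    m = URL_RE.match(raw)
    if not m:
        return None
    url = m.group(0)
    url = re.sub(r"(\.(?:exe|dll|zip))\S*$", r"\1", url, flags=re.IGNORECASE)
    url = re.sub(r"(\?s=\d{1,3}(?:\.\d{1,3}){3})\S*$", r"\1", url)
    return url


def iocs_from_rows(rows):
    """Group cleaned URLs by (host, port, path) with the processes and dropped
    files that referenced them. Memory-dump references (*.sdmp) are dropped, and
    an explicit ':443' on an https URL collapses into the default port so the
    duplicate rows merge."""
    groups = defaultdict(set)
    for row in rows:
        m = STRING_ROW_RE.search(row)
        if not m:
            continue
        url = clean_url(m.group("s"))
        if url is None:
            continue
        p = urlsplit(url)
        port = p.port or (443 if p.scheme == "https" else 80)
        path = p.path + ("?" + p.query if p.query else "")
        key = (p.hostname, port, path)
        for tok in m.group("src").split(","):
            tok = tok.strip()
            if tok and not tok.endswith(".sdmp"):
                groups[key].add(tok)
    return [
        {"host": h, "port": pt, "path": pa,
         "raw_ip": bool(IP_RE.fullmatch(h)),
         "nonstandard_port": pt not in (80, 443),
         "referenced_by": sorted(procs)}
        for (h, pt, pa), procs in sorted(groups.items())
    ]


def tls_destinations(rows):
    """Count TLS connections per (server_ip, port) from 'HTTPS traffic detected' rows."""
    counts = Counter()
    for row in rows:
        m = TLS_ROW_RE.search(row)
        if m:
            counts[(m.group("ip"), int(m.group("port")))] += 1
    return counts


if __name__ == "__main__":
    for ioc in iocs_from_rows(SAMPLE_STRING_ROWS):
        flags = [k for k in ("raw_ip", "nonstandard_port") if ioc[k]]
        print(f"{ioc['host']}:{ioc['port']}{ioc['path']}  {flags}  <- {', '.join(ioc['referenced_by'])}")
    for (ip, port), n in tls_destinations(SAMPLE_TLS_ROWS).most_common():
        print(f"TLS {ip}:{port}  connections={n}")
```

Raw-IP hosts on a non-standard port (the 147.45.47.102:57893 download URL) are the rows worth blocking first; the two heuristics leave "https://t.me/RiseProSUPPORT2" untouched on purpose, because nothing in the string itself proves where the real URL ends, and that is a judgement for the analyst rather than the script.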
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005F5F70 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,701574A0,DeleteObject,DeleteObject,ReleaseDC | 0_2_005F5F70

                System Summary

                Source: bUHMq54m6Q.exe | Static PE information: section name:
                Source: bUHMq54m6Q.exe | Static PE information: section name:
                Source: bUHMq54m6Q.exe | Static PE information: section name:
                Source: bUHMq54m6Q.exe | Static PE information: section name:
                Source: bUHMq54m6Q.exe | Static PE information: section name:
                Source: RageMP131.exe.0.dr | Static PE information: section name:
                Source: RageMP131.exe.0.dr | Static PE information: section name:
                Source: RageMP131.exe.0.dr | Static PE information: section name:
                Source: RageMP131.exe.0.dr | Static PE information: section name:
                Source: RageMP131.exe.0.dr | Static PE information: section name:
                Source: MPGPH131.exe.0.dr | Static PE information: section name:
                Source: MPGPH131.exe.0.dr | Static PE information: section name:
                Source: MPGPH131.exe.0.dr | Static PE information: section name:
                Source: MPGPH131.exe.0.dr | Static PE information: section name:
                Source: MPGPH131.exe.0.dr | Static PE information: section name:
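The section names in the rows above are rendered blank because they contain characters the report cannot print; this is the static property behind the "PE file contains section with special chars" signature in the overview, and it is common in packed or obfuscated droppers. The check is cheap to reproduce in a triage script. The Python below is an added example, not part of the report or of any Joe Sandbox tooling: it walks the section table by hand from the DOS and NT headers using only the standard library and flags every section whose name is empty or contains a byte outside printable ASCII. build_pe constructs a minimal, non-loadable PE32 skeleton purely so the example runs offline; the section names it contains are made up for the demonstration and are not taken from the sample.

```python
"""Flag PE sections whose names are empty or contain non-printable or non-ASCII
bytes. Added example; uses only the standard library and a constructed header."""
import struct

SECTION_HEADER_SIZE = 40   # IMAGE_SECTION_HEADER
FILE_HEADER_SIZE = 20      # IMAGE_FILE_HEADER
PE32_OPTIONAL_SIZE = 224   # SizeOfOptionalHeader for a PE32 (not PE32+) image


def section_names(pe: bytes):
    """Return the raw 8-byte Name field of every entry in the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    fh = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, fh + 2)[0]
    opt_size = struct.unpack_from("<H", pe, fh + 16)[0]
    first = fh + FILE_HEADER_SIZE + opt_size
    if first + num_sections * SECTION_HEADER_SIZE > len(pe):
        raise ValueError("section table runs past end of file")
    return [pe[first + i * SECTION_HEADER_SIZE: first + i * SECTION_HEADER_SIZE + 8]
            for i in range(num_sections)]


def suspicious_sections(pe: bytes):
    """Raw names that are empty after NUL-padding is stripped, or that contain any
    byte outside printable ASCII (0x20..0x7E). Legitimate linkers emit names such
    as .text/.rdata; packers often emit empty, high-bit or control-character names."""
    flagged = []
    for raw in section_names(pe):
        name = raw.rstrip(b"\0")
        if not name or any(b < 0x20 or b > 0x7E for b in name):
            flagged.append(raw)
    return flagged


def build_pe(names):
    """Constructed minimal PE32 skeleton: just enough of the headers for the section
    table to be located. It is not a loadable image; the names are test data."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    file_header = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0,
                              PE32_OPTIONAL_SIZE, 0x102)          # i386, EXE|32BIT
    optional = bytearray(PE32_OPTIONAL_SIZE)
    struct.pack_into("<H", optional, 0, 0x10B)                    # PE32 magic
    sections = b"".join(n.ljust(8, b"\0")[:8] + bytes(SECTION_HEADER_SIZE - 8)
                        for n in names)
    return bytes(dos) + b"PE\0\0" + file_header + bytes(optional) + sections


if __name__ == "__main__":
    sample = build_pe([b".text", b".rdata", b"\x80\x9f\xc1\xd2", b"\0\0"])
    for raw in suspicious_sections(sample):
        print("suspicious section name:", raw)
```

On a real file, replace the constructed blob with open(path, "rb").read(); the same walk works for PE32+ because the code reads SizeOfOptionalHeader from the file header instead of assuming it.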
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005AF0500_2_005AF050
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0055002D0_2_0055002D
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005BA1800_2_005BA180
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005A63300_2_005A6330
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005AD3200_2_005AD320
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005A03C00_2_005A03C0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005EE3B00_2_005EE3B0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0064F4800_2_0064F480
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005E75800_2_005E7580
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005A86300_2_005A8630
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0051B8E00_2_0051B8E0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00591B900_2_00591B90
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0060AC300_2_0060AC30
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005A3EC00_2_005A3EC0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005AAEE00_2_005AAEE0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005EFE800_2_005EFE80
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005EEFB00_2_005EEFB0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005A30000_2_005A3000
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005471A00_2_005471A0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005B42A00_2_005B42A0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0055036F0_2_0055036F
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005945600_2_00594560
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_006585F00_2_006585F0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005B35900_2_005B3590
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0053F5800_2_0053F580
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_006576900_2_00657690
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005F77600_2_005F7760
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005647BF0_2_005647BF
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0054C9600_2_0054C960
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0054A9280_2_0054A928
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0055DA860_2_0055DA86
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00568BB00_2_00568BB0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005FEBA00_2_005FEBA0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005FFBA00_2_005FFBA0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00644C700_2_00644C70
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00656C500_2_00656C50
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00655D100_2_00655D10
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00651E300_2_00651E30
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00568E300_2_00568E30
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00602F300_2_00602F30
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F9F050
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F4002D
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FAA180
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F903C0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDE3B0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F96330
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F9D320
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FD7580
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_0103F480
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F98630
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F0B8E0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F81B90
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01045D10
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FFAC30
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F9AEE0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93EC0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDFE80
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDEFB0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93000
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F371A0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FA42A0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F4036F
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_010485F0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FA3590
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F2F580
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F84560
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F547BF
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01047690
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FE7760
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F3C960
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F3A928
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F3AAEF
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F4DA86
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F58BB0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FEEBA0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FEFBA0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01046C50
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01034C70
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F58E30
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01041E30
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FF2F30
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: String function: 0052ACE0 appears 86 times
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: String function: 00F1ACE0 appears 86 times
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 1888
                Source: bUHMq54m6Q.exe | Static PE information: Number of sections : 12 > 10
                Source: RageMP131.exe.0.dr | Static PE information: Number of sections : 12 > 10
                Source: MPGPH131.exe.0.dr | Static PE information: Number of sections : 12 > 10
                Source: bUHMq54m6Q.exe | Binary or memory string: OriginalFilename vs bUHMq54m6Q.exe
                Source: bUHMq54m6Q.exe, 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs bUHMq54m6Q.exe
                Source: bUHMq54m6Q.exe, 00000000.00000003.2086143976.0000000001110000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs bUHMq54m6Q.exe
                Source: bUHMq54m6Q.exe, 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs bUHMq54m6Q.exe
                Source: bUHMq54m6Q.exe | Binary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs bUHMq54m6Q.exe
                Source: bUHMq54m6Q.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: bUHMq54m6Q.exe | Static PE information: Section: ZLIB complexity 1.000030517578125
                Source: bUHMq54m6Q.exe | Static PE information: Section: ZLIB complexity 0.9986979166666666
                Source: bUHMq54m6Q.exe | Static PE information: Section: ZLIB complexity 0.9992461622807017
                Source: bUHMq54m6Q.exe | Static PE information: Section: ZLIB complexity 0.9952713815789473
                Source: bUHMq54m6Q.exe | Static PE information: Section: .reloc ZLIB complexity 1.5
                Source: RageMP131.exe.0.dr | Static PE information: Section: ZLIB complexity 1.000030517578125
                Source: RageMP131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9986979166666666
                Source: RageMP131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9992461622807017
                Source: RageMP131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9952713815789473
                Source: RageMP131.exe.0.dr | Static PE information: Section: .reloc ZLIB complexity 1.5
                Source: MPGPH131.exe.0.dr | Static PE information: Section: ZLIB complexity 1.000030517578125
                Source: MPGPH131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9986979166666666
                Source: MPGPH131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9992461622807017
                Source: MPGPH131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9952713815789473
                Source: MPGPH131.exe.0.dr | Static PE information: Section: .reloc ZLIB complexity 1.5
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@13/58@3/3
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005EFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | File created: C:\Users\user\AppData\Local\RageMP131
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3200:120:WilError_03
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4412:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6556
                Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4896
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | File created: C:\Users\user\AppData\Local\Temp\rage131MP.tmp
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: bUHMq54m6Q.exe, 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2086040857.0000000001180000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2114405302.0000000000C50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2277258884.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.2168458625.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2114630366.0000000001A50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2324438250.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000E.00000003.2255008440.0000000002A30000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2427181585.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 00000012.00000003.2337606735.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                Source: bUHMq54m6Q.exe, 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2086040857.0000000001180000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2114405302.0000000000C50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2277258884.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.2168458625.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2114630366.0000000001A50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2324438250.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000E.00000003.2255008440.0000000002A30000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2427181585.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 00000012.00000003.2337606735.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                Source: MPGPH131.exe, 00000006.00000003.2179282683.0000000005EE4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2178981488.0000000005EE3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179140207.0000000005EE9000.00000004.00000020.00020000.00000000.sdmp, JEr8lVONTEQKLogin Data.0.dr, IuMVYmRLxIIELogin Data.6.dr, 1oBLao5WFReeLogin Data For Account.6.dr, W4StvYRvRm8RLogin Data.6.dr, lKkvrLBG06UiLogin Data For Account.0.dr, wib805ADjjQsLogin Data.0.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: bUHMq54m6Q.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                Source: MPGPH131.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | File read: C:\Users\user\Desktop\bUHMq54m6Q.exe
                Source: unknown | Process created: C:\Users\user\Desktop\bUHMq54m6Q.exe "C:\Users\user\Desktop\bUHMq54m6Q.exe"
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown | Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                Source: unknown | Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 1888
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 1148
                Source: unknown | Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                Source: unknown | Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: rstrtmgr.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: d3d11.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: dxgi.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: resourcepolicyclient.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: d3d10warp.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: dxcore.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ntmarta.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: devobj.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: webio.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: vaultcli.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: apphelp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntasn1.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d11.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxgi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: resourcepolicyclient.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: kernel.appcore.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d10warp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: uxtheme.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxcore.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: sspicli.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winhttp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wininet.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mswsock.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: devobj.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: webio.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: iphlpapi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winnsi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dnsapi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rasadhlp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: fwpuclnt.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: schannel.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mskeyprotect.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncryptsslp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: msasn1.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptsp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rsaenh.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptbase.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: gpapi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: vaultcli.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wintypes.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: windows.storage.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wldp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntmarta.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dpapi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntasn1.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d11.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxgi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: resourcepolicyclient.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: kernel.appcore.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d10warp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: uxtheme.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxcore.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: sspicli.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winhttp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wininet.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mswsock.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: devobj.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: webio.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: iphlpapi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winnsi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dnsapi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rasadhlp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: fwpuclnt.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: schannel.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mskeyprotect.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncryptsslp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: msasn1.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptsp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rsaenh.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptbase.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: gpapi.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: vaultcli.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wintypes.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: windows.storage.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wldp.dll
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rstrtmgr.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: d3d11.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: dxgi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: resourcepolicyclient.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: d3d10warp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: dxcore.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: wininet.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: devobj.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: webio.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winnsi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: schannel.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: rstrtmgr.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: d3d11.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: dxgi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: resourcepolicyclient.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: d3d10warp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: dxcore.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: wininet.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: devobj.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: webio.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: winnsi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: schannel.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: bUHMq54m6Q.exe; Static file information: File size 2298896 > 1048576
                Source: bUHMq54m6Q.exe; Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x187400
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_005DF200: VirtualAllocEx, WriteProcessMemory, WriteProcessMemory, VirtualAllocEx, LoadLibraryA, GetProcAddress, WriteProcessMemory, WriteProcessMemory, CreateRemoteThread, WaitForSingleObject
                Source: initial sample; Static PE information: section where entry point is pointing to: .boot
                Source: bUHMq54m6Q.exe; Static PE information: section name: (non-printable characters; 5 such sections)
                Source: bUHMq54m6Q.exe; Static PE information: section name: .vm_sec
                Source: bUHMq54m6Q.exe; Static PE information: section name: .themida
                Source: bUHMq54m6Q.exe; Static PE information: section name: .boot
                Source: RageMP131.exe.0.dr; Static PE information: section name: (non-printable characters; 5 such sections)
                Source: RageMP131.exe.0.dr; Static PE information: section name: .vm_sec
                Source: RageMP131.exe.0.dr; Static PE information: section name: .themida
                Source: RageMP131.exe.0.dr; Static PE information: section name: .boot
                Source: MPGPH131.exe.0.dr; Static PE information: section name: (non-printable characters; 5 such sections)
                Source: MPGPH131.exe.0.dr; Static PE information: section name: .vm_sec
                Source: MPGPH131.exe.0.dr; Static PE information: section name: .themida
                Source: MPGPH131.exe.0.dr; Static PE information: section name: .boot
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_008A7399 at 0_2_009806B5: push 4F494312h; mov dword ptr [esp], ecx
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_008A7399 at 0_2_009806FA: push eax; mov dword ptr [esp], esi
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_008A7399 at 0_2_00980773: push 02A74018h; mov dword ptr [esp], ebx
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_00989680 at 0_2_0098968C: push ebx; mov dword ptr [esp], esi
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_00989680 at 0_2_009896CD: push 03F40937h; mov dword ptr [esp], eax
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_00543F59 at 0_2_00543F6C: push ecx; ret
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_01297399 at 6_2_013706B5: push 4F494312h; mov dword ptr [esp], ecx
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_01297399 at 6_2_013706FA: push eax; mov dword ptr [esp], esi
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_01297399 at 6_2_01370773: push 02A74018h; mov dword ptr [esp], ebx
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_00F33F59 at 6_2_00F33F6C: push ecx; ret
                Source: bUHMq54m6Q.exe; Static PE information: section name: (non-printable) entropy: 7.99965539534534
                Source: bUHMq54m6Q.exe; Static PE information: section name: .boot entropy: 7.954415800190369
                Source: RageMP131.exe.0.dr; Static PE information: section name: (non-printable) entropy: 7.99965539534534
                Source: RageMP131.exe.0.dr; Static PE information: section name: .boot entropy: 7.954415800190369
                Source: MPGPH131.exe.0.dr; Static PE information: section name: (non-printable) entropy: 7.99965539534534
                Source: MPGPH131.exe.0.dr; Static PE information: section name: .boot entropy: 7.954415800190369
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; File created: C:\ProgramData\MPGPH131\MPGPH131.exe (×2)
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; File created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
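
The static findings above (sections whose names are not printable, the .vm_sec/.themida/.boot names, and an unnamed section plus .boot at entropy above 7.9) are what an analyst re-checks first on the dropped copies. The Python below is an added example, not code from Joe Sandbox or from the sample, that walks a PE section table by hand and reproduces those three checks. The entropy threshold, the protector-name list and the constructed in-memory PE (zero-filled and flat-histogram sections, not the real sample) are assumptions made for the example.

```python
import math
import struct

# Section names used by the Themida/WinLicense protector; the sample and both
# dropped copies in this report carry .vm_sec, .themida and .boot (assumption:
# this list is what the triage treats as a protector marker).
PROTECTOR_SECTION_NAMES = {b".themida", b".vm_sec", b".boot"}
HIGH_ENTROPY = 7.9   # bits per byte; uniformly random data scores 8.0


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Yield (name, raw_bytes) for each entry in the COFF section table.

    Walks e_lfanew -> 'PE\\0\\0' -> COFF header -> section headers by hand so
    the check runs without pefile; the name is returned with trailing NULs
    stripped, exactly as stored, so unprintable bytes survive.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_hdr_size        # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0"), pe[raw_ptr:raw_ptr + raw_size]


def triage_sections(pe: bytes) -> list:
    """One finding per section: name, raw size, entropy and the flags the
    report's static checks raise (unprintable name, protector name, high
    entropy)."""
    findings = []
    for name, raw in parse_sections(pe):
        ent = shannon_entropy(raw)
        flags = []
        if any(c < 0x20 or c > 0x7E for c in name):
            flags.append("non-printable name")
        if name in PROTECTOR_SECTION_NAMES:
            flags.append("protector section name")
        if ent >= HIGH_ENTROPY:
            flags.append("high entropy (packed/encrypted)")
        findings.append({"name": name, "size": len(raw),
                         "entropy": round(ent, 3), "flags": flags})
    return findings


def build_sample_pe(sections) -> bytes:
    """Constructed test input: DOS header, COFF header with an empty optional
    header, section table, then the raw section data. Enough structure for
    the parser above; not a loadable image and not the analysed sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    raw_ptr = e_lfanew + len(coff) + 40 * len(sections)
    headers, body = b"", b""
    for name, data in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data),
                               raw_ptr, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(data)
        body += data
    return dos + coff + headers + body


RANDOM_LIKE = bytes(range(256)) * 16   # flat byte histogram: entropy exactly 8.0
ZEROS = b"\0" * 4096                   # entropy 0.0
SAMPLE_PE = build_sample_pe([
    (b".text", ZEROS),
    (b"\x01\x9f\x7f", RANDOM_LIKE),    # unprintable name, like the blank ones above
    (b".themida", ZEROS),
    (b".boot", RANDOM_LIKE),
])

if __name__ == "__main__":
    for finding in triage_sections(SAMPLE_PE):
        print(finding)
```

Run it against the real dropped files by replacing SAMPLE_PE with the bytes of RageMP131.exe or MPGPH131.exe; a section that trips both the name and the entropy flag, with the entry point inside a high-entropy .boot section as the report records, is the packer stub rather than the stealer's own code, so unpacking comes before any static string work.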

                Boot Survival

                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131 (×2)
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Process information set: NOOPENFILEERRORBOX (×10)
                Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (×10)
                Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: NOOPENFILEERRORBOX (×102)
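
The two persistence mechanisms recorded in this section, a schtasks /create with /rl HIGHEST and an hourly trigger pointing into C:\ProgramData, plus an HKCU Run value named RageMP131, are the events a detection engineer would turn into a rule. The Python below is an added example, not part of this report or of the sample, that parses the schtasks command line and Run-value events and scores them. The event format, the two benign control events, and the assumption that the RageMP131 Run value's data is the dropped C:\Users\user\AppData\Local\RageMP131\RageMP131.exe (the report shows only the value name) are constructed for the example.

```python
import re

# Prefixes a standard user can write to; both persistence targets in this
# report (C:\ProgramData\MPGPH131\ and C:\Users\user\AppData\Local\RageMP131\)
# live there rather than under Program Files or Windows.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")
RUN_KEY_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run"


def split_cmdline(cmd: str) -> list:
    """Split a Windows command line on whitespace, keeping quoted arguments whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def is_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def parse_schtasks(cmd: str):
    """Return {option: value or True} for a schtasks command line, or None if
    the command is not schtasks at all. Option names are case-folded (/RU -> 'ru')."""
    toks = split_cmdline(cmd)
    if not toks:
        return None
    exe = toks[0].lower()
    if exe not in ("schtasks", "schtasks.exe") and not exe.endswith("\\schtasks.exe"):
        return None
    opts, i = {}, 1
    while i < len(toks):
        tok = toks[i]
        if tok.startswith("/"):
            key = tok[1:].lower()
            if i + 1 < len(toks) and not toks[i + 1].startswith("/"):
                opts[key] = toks[i + 1]       # option with a value
                i += 2
                continue
            opts[key] = True                  # bare switch such as /create or /f
        i += 1
    return opts


def check_schtasks(cmd: str) -> list:
    """Reasons a schtasks /create command looks like malware persistence."""
    opts = parse_schtasks(cmd)
    if not opts or "create" not in opts:
        return []
    reasons = []
    target = str(opts.get("tr", ""))
    if is_user_writable(target):
        reasons.append(f"task action runs from a user-writable path: {target}")
    if str(opts.get("rl", "")).upper() == "HIGHEST":
        reasons.append("/rl HIGHEST requests the highest privilege level available to the user")
    if str(opts.get("sc", "")).upper() in ("MINUTE", "HOURLY"):
        reasons.append(f"/sc {opts['sc']} re-launches the binary continuously")
    if "f" in opts:
        reasons.append("/f silently overwrites an existing task of the same name")
    return reasons


def check_run_value(key: str, data: str) -> list:
    """Reasons a ...\\CurrentVersion\\Run value (HKCU or HKLM) looks suspicious."""
    if not key.lower().endswith(RUN_KEY_SUFFIX):
        return []
    if is_user_writable(data):
        return [f"Run value launches from a user-writable path: {data}"]
    return []


def triage(events: list) -> dict:
    """Map event index -> reasons, over process-creation and registry events."""
    hits = {}
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            reasons = check_schtasks(ev["cmdline"])
        else:
            reasons = check_run_value(ev["key"], ev["data"])
        if reasons:
            hits[i] = reasons
    return hits


# Constructed events. Event 0 is the schtasks command line recorded above;
# event 2 assumes the RageMP131 Run value points at the dropped RageMP131.exe.
# Events 1 and 3 are benign controls invented for the example.
EVENTS = [
    {"type": "process",
     "cmdline": 'schtasks /create /f /RU "user" /tr "C:\\ProgramData\\MPGPH131\\MPGPH131.exe" '
                '/tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST'},
    {"type": "process",
     "cmdline": 'schtasks /create /tn "Vendor Updater" /tr "C:\\Program Files\\Vendor\\updater.exe" /sc DAILY /st 12:00'},
    {"type": "registry",
     "key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "RageMP131",
     "data": "C:\\Users\\user\\AppData\\Local\\RageMP131\\RageMP131.exe"},
    {"type": "registry",
     "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "SecurityHealth",
     "data": "C:\\Program Files\\Windows Defender\\MSASCuiL.exe"},
]

if __name__ == "__main__":
    for idx, reasons in triage(EVENTS).items():
        print(idx, reasons)
```

Fed with Sysmon event 1 (process creation) and event 13 (registry value set) records, the same two functions give a rule that fires on this sample's persistence while staying quiet on vendor updaters; the reasons list is kept per event so an analyst can see which of the four schtasks properties actually matched.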

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Stalling execution: Execution stalls by calling Sleep
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Stalling execution: Execution stalls by calling Sleep
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; System information queried: FirmwareTableInformation
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; System information queried: FirmwareTableInformation (×2)
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; System information queried: FirmwareTableInformation (×2)
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (×2)
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (×2)
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Evasive API call chain: GetSystemTimeAsFileTime, DecisionNodes
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Evasive API call chain: GetSystemTimeAsFileTime, DecisionNodes
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 4596; Thread sleep count: 84 > 30
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Last function: Thread delayed
                Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed (×2)
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Last function: Thread delayed
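
The FirmwareTableInformation queries, the probe of HKLM\HARDWARE\ACPI\DSDT\VBOX__ and the SystemBiosVersion/VideoBiosVersion reads above are the sample reading SMBIOS and ACPI data for hypervisor vendor strings; the VMware and Hyper-V strings further down show what such a read returns on this analysis machine. The Python below is an added example, not the sample's code and not from Joe Sandbox, that parses the RSMB blob returned by GetSystemFirmwareTable and an ACPI table header and matches the vendor fields against a marker list. The two constructed SMBIOS tables (a VirtualBox-like one and a physical-machine one), the marker list and the helper names are assumptions made for the example; the struct layouts follow the SMBIOS and ACPI specifications.

```python
import struct

# Vendor strings that the firmware tables of common hypervisors carry. The
# report's own strings show "VMware", "VBOX" (the ACPI OEM ID) and "Hyper-V";
# the remaining entries are an assumption for the example.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek gmbh", "qemu", "hyper-v")


def smbios_table_from_rsmb(raw: bytes) -> bytes:
    """Strip the 8-byte RawSMBIOSData header that GetSystemFirmwareTable('RSMB')
    prepends (Used20CallingMethod, Major, Minor, DmiRevision, Length)."""
    length = struct.unpack_from("<I", raw, 4)[0]
    return raw[8:8 + length]


def parse_smbios(table: bytes) -> list:
    """Split an SMBIOS table into structures: each has a 4-byte header
    (type, length, handle), a formatted area of `length` bytes in total, then
    a set of NUL-terminated strings closed by one extra NUL."""
    records, off = [], 0
    while off + 4 <= len(table):
        stype, length, handle = struct.unpack_from("<BBH", table, off)
        formatted = table[off + 4:off + length]
        p, strings = off + length, []
        while p < len(table) and table[p] != 0:
            end = table.index(b"\0", p)
            strings.append(table[p:end].decode("ascii", "replace"))
            p = end + 1
        p += 2 if not strings else 1     # an empty string-set is two NULs
        records.append({"type": stype, "handle": handle,
                        "formatted": formatted, "strings": strings})
        off = p
        if stype == 127:                 # End-of-Table structure
            break
    return records


def _string(rec: dict, index: int) -> str:
    """SMBIOS string fields are 1-based indexes into the string-set; 0 = none."""
    return rec["strings"][index - 1] if 0 < index <= len(rec["strings"]) else ""


def firmware_identity(table: bytes) -> dict:
    """BIOS vendor/version (type 0) and system manufacturer/product (type 1)."""
    ident = {}
    for rec in parse_smbios(table):
        f = rec["formatted"]
        if rec["type"] == 0 and len(f) >= 2:
            ident["bios_vendor"] = _string(rec, f[0])
            ident["bios_version"] = _string(rec, f[1])
        elif rec["type"] == 1 and len(f) >= 4:
            ident["system_manufacturer"] = _string(rec, f[0])
            ident["system_product"] = _string(rec, f[1])
    return ident


def vm_indicators(ident: dict) -> list:
    return [f"{field}={value!r} matches {m!r}"
            for field, value in ident.items()
            for m in VM_MARKERS if m in value.lower()]


def acpi_oem_id(table_header: bytes) -> str:
    """OEM ID from a standard ACPI table header (bytes 10..15). Windows mirrors
    it into HKLM\\HARDWARE\\ACPI\\<signature>\\<OEMID> with spaces shown as
    underscores, which is why the sample probes ACPI\\DSDT\\VBOX__."""
    return table_header[10:16].decode("ascii", "replace").rstrip()


# ---- constructed test data (not captured from the analysis machine) --------
def _smbios_struct(stype: int, handle: int, formatted: bytes, strings) -> bytes:
    body = b"".join(s.encode() + b"\0" for s in strings) + b"\0" if strings else b"\0\0"
    return struct.pack("<BBH", stype, 4 + len(formatted), handle) + formatted + body


def _rsmb(bios_vendor, bios_version, manufacturer, product) -> bytes:
    # Type 0: vendor idx, version idx, start segment, release-date idx, ROM size, 8 characteristic bytes
    t0 = _smbios_struct(0, 0, bytes([1, 2]) + b"\xe8\x00" + bytes([3, 0]) + b"\0" * 8,
                        [bios_vendor, bios_version, "01/01/2020"])
    # Type 1: manufacturer, product, version, serial idx, 16-byte UUID, wake-up type, SKU, family
    t1 = _smbios_struct(1, 1, bytes([1, 2, 3, 4]) + b"\0" * 16 + b"\x06" + bytes([0, 0]),
                        [manufacturer, product, "1.0", "SERIAL0"])
    t127 = _smbios_struct(127, 2, b"", [])
    table = t0 + t1 + t127
    return struct.pack("<BBBBI", 0, 3, 2, 0, len(table)) + table


RSMB_VIRTUALBOX = _rsmb("innotek GmbH", "VirtualBox", "innotek GmbH", "VirtualBox")
RSMB_PHYSICAL = _rsmb("American Megatrends Inc.", "1.20.0", "Dell Inc.", "Latitude 7420")
# ACPI header: Signature, Length, Revision, Checksum, OEMID(6), OEMTableID(8), OEMRevision, CreatorID, CreatorRevision
DSDT_VBOX = struct.pack("<4sIBB6s8sI4sI", b"DSDT", 36, 2, 0, b"VBOX  ", b"VBOXBIOS", 2, b"VBOX", 1)

if __name__ == "__main__":
    for blob in (RSMB_VIRTUALBOX, RSMB_PHYSICAL):
        ident = firmware_identity(smbios_table_from_rsmb(blob))
        print(ident, vm_indicators(ident))
    print(acpi_oem_id(DSDT_VBOX))
```

The practical use for a sandbox operator is the inverse of the sample's: run firmware_identity on the RSMB blob of the analysis VM and, if vm_indicators is non-empty, the VM's SMBIOS strings need to be overridden before this family will proceed past its evasion checks.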
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_005F66F0: FindFirstFileA, SetFileAttributesA, DeleteFileA, FindNextFileA, FindClose, GetLastError, SetFileAttributesA, GetLastError, RemoveDirectoryA, GetLastError, GetLastError, std::_Throw_Cpp_error, std::_Throw_Cpp_error
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_005A3EC0: SHGetFolderPathA, FindFirstFileA, FindNextFileA, FindClose, CreateDirectoryA, CreateDirectoryA, CreateDirectoryA, CopyFileA, CreateDirectoryA, CreateDirectoryA, CopyFileA, CopyFileA, CredEnumerateA, LocalFree
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_005EFE80: CreateDirectoryA, FindFirstFileA, CreateDirectoryA, CopyFileA, FindNextFileA, FindClose, GetLastError, GetLastError, CreateDirectoryA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetCurrentHwProfileA, GetModuleHandleExA, GetModuleFileNameA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetComputerNameA, GetUserNameA, GetDesktopWindow, GetWindowRect, GetUserDefaultLocaleName, GetKeyboardLayoutList, GetKeyboardLayoutList, LocalAlloc, GetKeyboardLayoutList, GetLocaleInfoA, LocalFree, GetLocalTime, GetSystemTime, GetTimeZoneInformation, TzSpecificLocalTimeToSystemTime, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetSystemInfo, GlobalMemoryStatusEx, EnumDisplayDevicesA, EnumDisplayDevicesA, CreateToolhelp32Snapshot, Process32First, Process32Next, Process32Next, CloseHandle, RegOpenKeyExA, RegEnumKeyExA, wsprintfA, RegOpenKeyExA, RegQueryValueExA, RegQueryValueExA, RegCloseKey, RegCloseKey
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_00541F9C: FindClose, FindFirstFileExW, GetLastError
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_005D5F80: CreateDirectoryA, FindFirstFileA, FindNextFileA, GetLastError, FindClose
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_00542022: GetLastError, GetFileAttributesExW, GetLastError, FindFirstFileW, GetLastError, FindClose, ___std_fs_open_handle@16, GetFileInformationByHandleEx, GetLastError, GetFileInformationByHandleEx, GetFileInformationByHandleEx
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_005A3850: FindFirstFileA, FindNextFileA, GetLastError, FindClose
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_00FE66F0: FindFirstFileA, SetFileAttributesA, DeleteFileA, FindNextFileA, FindClose, GetLastError, SetFileAttributesA, GetLastError, RemoveDirectoryA, GetLastError, GetLastError, std::_Throw_Cpp_error, std::_Throw_Cpp_error
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_00F93EC0: SHGetFolderPathA, FindFirstFileA, FindNextFileA, FindClose, CreateDirectoryA, CreateDirectoryA, CreateDirectoryA, CopyFileA, CreateDirectoryA, CreateDirectoryA, CopyFileA, CopyFileA, CredEnumerateA
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_00FDFE80: CreateDirectoryA, FindFirstFileA, CreateDirectoryA, CopyFileA, FindNextFileA, FindClose, GetLastError, GetLastError, CreateDirectoryA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetCurrentHwProfileA, GetModuleHandleExA, GetModuleFileNameA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetComputerNameA, GetUserNameA, GetDesktopWindow, GetWindowRect, GetUserDefaultLocaleName, GetKeyboardLayoutList, GetKeyboardLayoutList, LocalAlloc, GetKeyboardLayoutList, GetLocaleInfoA, LocalFree, GetLocalTime, GetSystemTime, GetTimeZoneInformation, TzSpecificLocalTimeToSystemTime, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetSystemInfo, GlobalMemoryStatusEx, EnumDisplayDevicesA, EnumDisplayDevicesA, CreateToolhelp32Snapshot, Process32First, Process32Next, Process32Next, CloseHandle, RegOpenKeyExA, RegEnumKeyExA, wsprintfA, RegOpenKeyExA, RegQueryValueExA, RegQueryValueExA, RegCloseKey, RegCloseKey
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_00F31F9C: FindClose, FindFirstFileExW, GetLastError
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_00FC5F80: CreateDirectoryA, FindFirstFileA, FindNextFileA, GetLastError, FindClose
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_00F32022: GetLastError, GetFileAttributesExW, GetLastError, FindFirstFileW, GetLastError, FindClose, ___std_fs_open_handle@16, GetFileInformationByHandleEx, GetLastError, GetFileInformationByHandleEx, GetFileInformationByHandleEx
                Source: C:\ProgramData\MPGPH131\MPGPH131.exe; Code function 6_2_00F93850: FindFirstFileA, FindNextFileA, GetLastError, FindClose
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exe; Code function 0_2_005EFE80: CreateDirectoryA, FindFirstFileA, CreateDirectoryA, CopyFileA, FindNextFileA, FindClose, GetLastError, GetLastError, CreateDirectoryA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetCurrentHwProfileA, GetModuleHandleExA, GetModuleFileNameA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetComputerNameA, GetUserNameA, GetDesktopWindow, GetWindowRect, GetUserDefaultLocaleName, GetKeyboardLayoutList, GetKeyboardLayoutList, LocalAlloc, GetKeyboardLayoutList, GetLocaleInfoA, LocalFree, GetLocalTime, GetSystemTime, GetTimeZoneInformation, TzSpecificLocalTimeToSystemTime, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetSystemInfo, GlobalMemoryStatusEx, EnumDisplayDevicesA, EnumDisplayDevicesA, CreateToolhelp32Snapshot, Process32First, Process32Next, Process32Next, CloseHandle, RegOpenKeyExA, RegEnumKeyExA, wsprintfA, RegOpenKeyExA, RegQueryValueExA, RegQueryValueExA, RegCloseKey, RegCloseKey
                Source: Amcache.hve.10.dr; Binary or memory string: VMware
                Source: Bs1Rik95T3UPWeb Data.6.dr; Binary or memory string: discord.comVMware20,11696487552f
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000127C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&o
                Source: Amcache.hve.10.dr; Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Bs1Rik95T3UPWeb Data.6.dr; Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                Source: bUHMq54m6Q.exe, 00000000.00000003.2160079403.0000000001315000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}ngineer\AppData\Local\NVIDIA Corporation\NVIDIA GeForce Experience\*
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000127C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C74000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010AC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.0000000001190000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
                Source: Bs1Rik95T3UPWeb Data.6.dr; Binary or memory string: ms.portal.azure.comVMware20,11696487552
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: global block list test formVMware20,11696487552
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: tasks.office.comVMware20,11696487552o
                Source: RageMP131.exe, 00000012.00000003.2364897264.00000000011A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                Source: Amcache.hve.10.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: AMC password management pageVMware20,11696487552
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: dev.azure.comVMware20,11696487552j
                Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001C74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                Source: MPGPH131.exe, 00000006.00000002.2276365511.0000000000D98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}User Data\ilgcnhelpchnceeipipijaljkblbcobl\CURRENT
                Source: Amcache.hve.10.drBinary or memory string: vmci.sys
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                Source: Amcache.hve.10.drBinary or memory string: VMware20,1
                Source: Amcache.hve.10.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.10.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.10.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.10.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.10.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.10.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.10.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.10.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.10.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: MPGPH131.exe, 00000006.00000002.2276365511.0000000000D98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}ox\Profiles\2o7hffxt.default-release\places.sqlite
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}d-
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_5C8B5E08taw
                Source: RageMP131.exe, 0000000E.00000003.2273653876.00000000010C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}L
                Source: Amcache.hve.10.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                Source: RageMP131.exe, 00000012.00000002.2429829682.0000000001190000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
                Source: Amcache.hve.10.drBinary or memory string: VMware Virtual USB Mouse
                Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?\#disk&ven_vmware&prouask#4&1656f219&0&0000f5-b6bf-11d0-94f2-00a08b
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW;
                Source: Amcache.hve.10.drBinary or memory string: vmci.syshbin
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}User Data\WorkspacesNavigationComponent\Network\*(
                Source: Amcache.hve.10.drBinary or memory string: VMware, Inc.
                Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                Source: MPGPH131.exe, 00000006.00000003.2188025250.0000000005F0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: scsi#disk&ven_vmware~
                Source: Amcache.hve.10.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.10.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.10.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.10.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                Source: Amcache.hve.10.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                Source: MPGPH131.exe, 00000006.00000002.2276365511.0000000000D98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_5C8B5E08
                Source: Amcache.hve.10.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.10.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                Source: Amcache.hve.10.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.10.drBinary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.10.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: Amcache.hve.10.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: outlook.office.comVMware20,11696487552s
                Source: MPGPH131.exe, 00000006.00000003.2130373054.0000000000D21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: Bs1Rik95T3UPWeb Data.6.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeProcess queried: DebugPort
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00548A64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00548A64
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005DF200 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_005DF200
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005D6D00 mov eax, dword ptr fs:[00000030h]0_2_005D6D00
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005A3EC0 mov eax, dword ptr fs:[00000030h]0_2_005A3EC0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00FC6D00 mov eax, dword ptr fs:[00000030h]6_2_00FC6D00
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00F93EC0 mov eax, dword ptr fs:[00000030h]6_2_00F93EC0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005F99F0 GetLastError,GetModuleHandleA,GetProcAddress,GetProcessHeap,RtlAllocateHeap,HeapFree,RtlAllocateHeap,HeapFree,0_2_005F99F0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_0054451D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0054451D
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_00548A64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00548A64
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00F3451D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00F3451D
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00F38A64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00F38A64

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005DF200 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_005DF200
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00FCF200 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,6_2_00FCF200
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_005EFE80
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: GetLocaleInfoW,0_2_005631CA
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: EnumSystemLocalesW,0_2_0055B1B1
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_005632F3
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: GetLocaleInfoW,0_2_005633F9
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_005634CF
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: GetLocaleInfoW,0_2_0055B734
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00562B5A
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: GetLocaleInfoW,0_2_00562D5F
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: EnumSystemLocalesW,0_2_00562E51
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: EnumSystemLocalesW,0_2_00562E06
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: EnumSystemLocalesW,0_2_00562EEC
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00562F77
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,6_2_00FDFE80
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,6_2_00F531CA
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,6_2_00F4B1B1
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00F532F3
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,6_2_00F533F9
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00F534CF
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,6_2_00F4B734
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,6_2_00F52B5A
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,6_2_00F52D5F
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,6_2_00F52EEC
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,6_2_00F52E51
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,6_2_00F52E06
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_00F52F77
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeQueries volume information: C:\ VolumeInformation
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformation
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite VolumeInformation
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformation
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005EFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_005EFE80
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005EFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_005EFE80
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeCode function: 0_2_005EFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_005EFE80
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.10.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.10.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.10.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.10.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: Amcache.hve.10.drBinary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

                Source: Yara matchFile source: 00000000.00000003.2159759925.0000000005C56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2276746268.000000000122E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2282419782.0000000005A70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: bUHMq54m6Q.exe PID: 6556, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 4896, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 2836, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 3604, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 5700, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\NoSoV6eJxRbhlNXMC2XnYgm.zip, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\eK26yDxmyAbMrjg7CdmfOmj.zip, type: DROPPED
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\wallets#
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\com.liberty.jaxx
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\wallets
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\wallets
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet
                Source: bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\formhistory.sqlite
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\signons.sqlite
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\logins.json
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\signons.sqlite
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENTJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENTJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENTJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\places.sqliteJump to behavior
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\bUHMq54m6Q.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\ProgramData\MPGPH131\MPGPH131.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Yara matchFile source: Process Memory Space: bUHMq54m6Q.exe PID: 6556, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 4896, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match; File source: 00000000.00000003.2159759925.0000000005C56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000002.2276746268.000000000122E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.2282419782.0000000005A70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: bUHMq54m6Q.exe PID: 6556, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: MPGPH131.exe PID: 4896, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: MPGPH131.exe PID: 2836, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: RageMP131.exe PID: 3604, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: RageMP131.exe PID: 5700, type: MEMORYSTR
                Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\NoSoV6eJxRbhlNXMC2XnYgm.zip, type: DROPPED
                Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\eK26yDxmyAbMrjg7CdmfOmj.zip, type: DROPPED
                MITRE ATT&CK Matrix

                Matched techniques only, grouped by tactic; the number in parentheses is the count of signatures mapped to that technique. No techniques were matched under Reconnaissance, Resource Development, Initial Access, Lateral Movement, Exfiltration or Impact.

                Execution: Native API (2); Command and Scripting Interpreter (2); Scheduled Task/Job (1)
                Persistence: DLL Side-Loading (1); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1)
                Privilege Escalation: DLL Side-Loading (1); Process Injection (11); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1)
                Defense Evasion: Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (2); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (13); Process Injection (11)
                Credential Access: OS Credential Dumping (1)
                Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (35); Query Registry (1); Security Software Discovery (351); Virtualization/Sandbox Evasion (13); Process Discovery (2); System Owner/User Discovery (1); System Network Configuration Discovery (1)
                Collection: Archive Collected Data (1); Data from Local System (2); Screen Capture (1); Email Collection (1)
                Command and Control: Ingress Tool Transfer (2); Encrypted Channel (21); Non-Standard Port (1); Non-Application Layer Protocol (2); Application Layer Protocol (13)
                Behavior Graph (ID: 1437130; sample: bUHMq54m6Q.exe; start date: 07/05/2024; architecture: WINDOWS; score: 100)

                Analysis-level DNS/IP: ipinfo.io; db-ip.com
                Analysis-level signatures: Snort IDS alert for network traffic; Antivirus detection for URL or domain; Yara detected RisePro Stealer; 3 other signatures

                Process tree (numbers after a process name are the created registry values / created files shown in the graph):

                bUHMq54m6Q.exe (1 / 63), started
                  Network: 147.45.47.126, ports 49699, 49702, 49703 (FREE-NET-AS FREEnet EU, Russian Federation); ipinfo.io 34.117.186.192, ports 443, 49700, 49704 (GOOGLE-AS-AP Google Asia Pacific Pte Ltd SG, United States); db-ip.com 104.26.4.15, ports 443, 49701, 49706 (CLOUDFLARENET US, United States)
                  Dropped: C:\Users\user\AppData\Local\...\RageMP131.exe (PE32); C:\ProgramData\MPGPH131\MPGPH131.exe (PE32); C:\Users\user\...\eK26yDxmyAbMrjg7CdmfOmj.zip (Zip)
                  Signatures: Query firmware table information (likely to detect VMs); Tries to steal Mail credentials (via file / registry access); Found many strings related to Crypto-Wallets (likely being stolen); 2 other signatures
                  Started: schtasks.exe (1) -> conhost.exe; schtasks.exe (1) -> conhost.exe; WerFault.exe (16)
                MPGPH131.exe (5 / 55), started
                  Dropped: C:\Users\user\...\NoSoV6eJxRbhlNXMC2XnYgm.zip (Zip)
                  Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Found stalling execution ending in API Sleep call
                  Started: WerFault.exe
                RageMP131.exe, started
                  Signatures: Tries to detect sandboxes / dynamic malware analysis system (registry check)
                2 other processes, started
                  Signatures: Tries to harvest and steal browser information (history, passwords, etc)

                Sample detection
                Source | Detection | Scanner | Label
                bUHMq54m6Q.exe | 100% | Joe Sandbox ML |

                Dropped file detection
                Source | Detection | Scanner | Label
                C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 100% | Joe Sandbox ML |
                C:\ProgramData\MPGPH131\MPGPH131.exe | 100% | Joe Sandbox ML |
                C:\ProgramData\MPGPH131\MPGPH131.exe | 47% | ReversingLabs | Win32.Trojan.RiseProStealer
                C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 47% | ReversingLabs | Win32.Trojan.RiseProStealer
                No Antivirus matches
                No Antivirus matches
                URL detection
                Source | Detection | Scanner | Label
                http://crl.micro | 0% | URL Reputation | safe
                http://193.233.132.56/cost/go.exe207 | 0% | Avira URL Cloud | safe
                http://147.45.47.102:57893/hera/amadka.exe68.0 | 0% | Avira URL Cloud | safe
                http://147.45.47.102:57893/hera/amadka.exeaO | 0% | Avira URL Cloud | safe
                http://193.233.132.56/cost/go.exeWOUl- | 0% | Avira URL Cloud | safe
                http://193.233.132.56/cost/go.exeServer | 0% | Avira URL Cloud | safe
                http://147.45.47.102:57893/hera/amadka.exe)= | 0% | Avira URL Cloud | safe
                http://193.23 | 0% | Avira URL Cloud | safe
                http://147.45.47.102:57893/hera/amadka.exe | 100% | Avira URL Cloud | malware
                http://193.233.132.56/cost/go.exeTerracoin= | 0% | Avira URL Cloud | safe
                http://193.233.132.56/cost/go.exe | 0% | Avira URL Cloud | safe
                http://193.233.132.56/cost/lenin.exe | 0% | Avira URL Cloud | safe
                Contacted domains
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                ipinfo.io | 34.117.186.192 | true | false | | high
                db-ip.com | 104.26.4.15 | true | false | | high

                Contacted URLs
                Name | Malicious | Antivirus Detection | Reputation
                https://db-ip.com/demo/home.php?s=156.146.37.102 | false | | high
                https://ipinfo.io/widget/demo/156.146.37.102 | false | | high
                URLs from memory and dropped files
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                            high
                                                                                            https://ipinfo.io/Mozilla/5.0bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C9B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://ipinfo.io:443/widget/demo/156.146.37.102bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C9B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brD87fZN3R3jFeplaces.sqlite.7.drfalse
                                                                                                  high
                                                                                                  http://193.233.132.56/cost/go.exeServerMPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://147.45.47.102:57893/hera/amadka.exe)=bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158405940.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://db-ip.com:443/demo/home.php?s=156.146.37.102AbUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://193.233.132.56/cost/go.exeWOUl-MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://ac.ecosia.org/autocomplete?q=bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drfalse
                                                                                                      high
                                                                                                      https://t.me/risepro_botRageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.000000000121F000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.0.dr, passwords.txt.6.drfalse
                                                                                                        high
                                                                                                        http://147.45.47.102:57893/hera/amadka.exeaOMPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://193.23MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        low
                                                                                                        http://crl.microMPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://ipinfo.io/RageMP131.exe, 00000012.00000002.2429829682.0000000001180000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.0000000001172000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYtD87fZN3R3jFeplaces.sqlite.7.drfalse
                                                                                                            high
                                                                                                            https://www.maxmind.com/en/locate-my-ip-addressbUHMq54m6Q.exe, MPGPH131.exefalse
                                                                                                              high
                                                                                                              https://t.me/risepro_botzbUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://193.233.132.56/cost/lenin.exeMPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://www.winimage.com/zLibDllbUHMq54m6Q.exe, 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2086040857.0000000001180000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2114405302.0000000000C50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2277258884.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.2168458625.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2114630366.0000000001A50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2324438250.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000E.00000003.2255008440.0000000002A30000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2427181585.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 00000012.00000003.2337606735.0000000002BE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://support.mozilla.orgD87fZN3R3jFeplaces.sqlite.7.drfalse
                                                                                                                    high
                                                                                                                    https://t.me/risepro_botrisepro;OMPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://db-ip.com:443/demo/home.php?s=156.146.37.102MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://ipinfo.io/$EMPGPH131.exe, 00000006.00000002.2275133356.0000000000CF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.drfalse
                                                                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
147.45.47.126 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
104.26.4.15 | db-ip.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1437130
Start date and time: 2024-05-07 01:31:24 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: bUHMq54m6Q.exe (renamed because the original name is a hash value)
Original Sample Name: 2cf4b5cf327757376e717ab5554b921b.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@13/58@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 67%
• Number of executed functions: 51
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.73.29
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: bUHMq54m6Q.exe
Time | Type | Description
01:32:12 | Task Scheduler | Run new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
01:32:13 | Task Scheduler | Run new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
01:32:15 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
01:32:27 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
01:32:28 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
34.117.186.192 | SecuriteInfo.com.Win32.Evo-gen.24318.16217.exe | malicious | Unknown | ipinfo.io/json
34.117.186.192 | SecuriteInfo.com.Win32.Evo-gen.28489.31883.exe | malicious | Unknown | ipinfo.io/json
34.117.186.192 | Raptor.HardwareService.Setup 1.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | Conferma_Pdf_Editor.exe | malicious | Planet Stealer | ipinfo.io/
34.117.186.192 | Conferma_Pdf_Editor.exe | malicious | Planet Stealer | ipinfo.io/
34.117.186.192 | w.sh | malicious | Xmrig | /ip
34.117.186.192 | Raptor.HardwareService.Setup_2.3.6.0.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | Raptor.HardwareService.Setup_2.3.6.0.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | uUsgzQ3DoW.exe | malicious | RedLine | ipinfo.io/ip
34.117.186.192 | 8BZBgbeCcz.exe | malicious | RedLine | ipinfo.io/ip
147.45.47.126 | STaz6G7t52.exe | malicious | RisePro Stealer |
147.45.47.126 | 8A1Qvcfs13.exe | malicious | LummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, Stealc |
147.45.47.126 | LFnwvV2we8.exe | malicious | RisePro Stealer |
147.45.47.126 | 586785f2da723d2d03daabb7c1525d59b775ef6205fa4.exe | malicious | RisePro Stealer |
147.45.47.126 | ec1c11e1a15be3e6d208777f69ffe6176356cba61ee06.exe | malicious | RisePro Stealer |
104.26.4.15 | #Ud3ec#Ud2b8#Ud3f4#Ub9ac#Uc624.exe (decoded: 포트폴리오.exe) | malicious | Nemty, Xmrig | api.db-ip.com/v2/free/102.129.152.212/countryName
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ipinfo.io
  STaz6G7t52.exe | malicious | RisePro Stealer
    • 34.117.186.192
  LFnwvV2we8.exe | malicious | RisePro Stealer
    • 34.117.186.192
  586785f2da723d2d03daabb7c1525d59b775ef6205fa4.exe | malicious | RisePro Stealer
    • 34.117.186.192
  ec1c11e1a15be3e6d208777f69ffe6176356cba61ee06.exe | malicious | RisePro Stealer
    • 34.117.186.192
  wud36BhZfU.exe | malicious | RisePro Stealer
    • 34.117.186.192
  file.exe | malicious | RisePro Stealer
    • 34.117.186.192
  OJa1BOigU3.exe | malicious | LummaC, PureLog Stealer, RisePro Stealer
    • 34.117.186.192
  OJa1BOigU3.exe | malicious | RisePro Stealer
    • 34.117.186.192
  https://reactivate-account.live/ | malicious | Unknown
    • 34.117.186.192
  wNyot4Puq5.exe | malicious | DCRat, PureLog Stealer, zgRAT
    • 34.117.186.192
db-ip.com
  STaz6G7t52.exe | malicious | RisePro Stealer
    • 172.67.75.166
  LFnwvV2we8.exe | malicious | RisePro Stealer
    • 104.26.5.15
  586785f2da723d2d03daabb7c1525d59b775ef6205fa4.exe | malicious | RisePro Stealer
    • 172.67.75.166
  ec1c11e1a15be3e6d208777f69ffe6176356cba61ee06.exe | malicious | RisePro Stealer
    • 104.26.4.15
  wud36BhZfU.exe | malicious | RisePro Stealer
    • 104.26.5.15
  file.exe | malicious | RisePro Stealer
    • 104.26.5.15
  OJa1BOigU3.exe | malicious | LummaC, PureLog Stealer, RisePro Stealer
    • 104.26.5.15
  OJa1BOigU3.exe | malicious | RisePro Stealer
    • 172.67.75.166
  SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe | malicious | RisePro Stealer
    • 104.26.5.15
  file.exe | malicious | RisePro Stealer
    • 104.26.4.15
Match | Associated Sample Name / URL | Detection | Threat Name | Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
  https://windowsprogramdangererrorfoundcritical.kesug.com/?i=3 | malicious | Unknown
    • 34.117.185.41
  STaz6G7t52.exe | malicious | RisePro Stealer
    • 34.117.186.192
  8A1Qvcfs13.exe | malicious | LummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, Stealc
    • 34.117.186.192
  LFnwvV2we8.exe | malicious | RisePro Stealer
    • 34.117.186.192
  586785f2da723d2d03daabb7c1525d59b775ef6205fa4.exe | malicious | RisePro Stealer
    • 34.117.186.192
  ec1c11e1a15be3e6d208777f69ffe6176356cba61ee06.exe | malicious | RisePro Stealer
    • 34.117.186.192
  wud36BhZfU.exe | malicious | RisePro Stealer
    • 34.117.186.192
  file.exe | malicious | RisePro Stealer
    • 34.117.186.192
  https://u.to/rh6dIA | malicious | Unknown
    • 34.117.121.53
  MDE_File_Sample_1fd07379ca528bc6536b2053dddc3ea7bf85e268 (1).zip | malicious | Flawedammyy
    • 34.117.188.166
FREE-NET-ASFREEnetEU
  STaz6G7t52.exe | malicious | RisePro Stealer
    • 147.45.47.126
  8A1Qvcfs13.exe | malicious | LummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, Stealc
    • 147.45.47.126
  LFnwvV2we8.exe | malicious | RisePro Stealer
    • 147.45.47.126
  586785f2da723d2d03daabb7c1525d59b775ef6205fa4.exe | malicious | RisePro Stealer
    • 147.45.47.126
  ec1c11e1a15be3e6d208777f69ffe6176356cba61ee06.exe | malicious | RisePro Stealer
    • 147.45.47.126
  wud36BhZfU.exe | malicious | RisePro Stealer
    • 147.45.47.93
  file.exe | malicious | RisePro Stealer
    • 147.45.47.93
  OJa1BOigU3.exe | malicious | LummaC, PureLog Stealer, RisePro Stealer
    • 193.233.132.253
  OJa1BOigU3.exe | malicious | RisePro Stealer
    • 193.233.132.226
  9vZbHuuOq6.exe | malicious | RisePro Stealer
    • 193.233.132.253
CLOUDFLARENETUS
  SecuriteInfo.com.Win32.PWSX-gen.22265.6346.exe | malicious | AgentTesla, PureLog Stealer
    • 104.26.12.205
  https://share-field-7570.yralecaeaghnrsn.workers.dev/55dbf939-4f12-4e1 | malicious | Unknown
    • 104.21.54.88
  https://cloude-15e5.karsonjacobsen.workers.dev/d2d7e935-4585-4825-8391-46e4c9be230d | malicious | Unknown
    • 104.17.24.14
  https://pub-b21d18de3a374246bba2ba1405261622.r2.dev/credential_update-now.html | malicious | HTMLPhisher
    • 104.18.2.35
  https://windowsprogramdangererrorfoundcritical.kesug.com/?i=3 | malicious | Unknown
    • 104.20.201.67
  https://clous-lab-662a.tlavaeonryersvs.workers.dev/03076ce1-7441-4494-9b6c-c6311d88e918 | malicious | Unknown
    • 104.17.25.14
  https://pub-77d30b86b0c442ffa3b4972e714f3fdf.r2.dev/index2.html | malicious | HTMLPhisher
    • 104.18.11.207
  https://a0sreadn.surge.sh/ | malicious | HTMLPhisher
    • 104.17.25.14
  https://bafkreid2sritou3nqmvs5fyoqdftsbfaxa5ovsyzipxhkplqmbp7ihau2y.ipfs.cf-ipfs.com/ | malicious | HTMLPhisher
    • 104.17.64.14
  SecuriteInfo.com.Win32.TrojanX-gen.30104.20010.exe | malicious | AgentTesla
    • 172.67.74.152
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1
  STaz6G7t52.exe | malicious | RisePro Stealer
    • 34.117.186.192
    • 104.26.4.15
  LFnwvV2we8.exe | malicious | RisePro Stealer
    • 34.117.186.192
    • 104.26.4.15
  586785f2da723d2d03daabb7c1525d59b775ef6205fa4.exe | malicious | RisePro Stealer
    • 34.117.186.192
    • 104.26.4.15
  ec1c11e1a15be3e6d208777f69ffe6176356cba61ee06.exe | malicious | RisePro Stealer
    • 34.117.186.192
    • 104.26.4.15
  wud36BhZfU.exe | malicious | RisePro Stealer
    • 34.117.186.192
    • 104.26.4.15
  May-Document-6_2024-5062.xlsx | malicious | Unknown
    • 34.117.186.192
    • 104.26.4.15
  May-Document-6_2024-8723.xlsx | malicious | Unknown
    • 34.117.186.192
    • 104.26.4.15
  May-Document-6_2024-3471.xlsx | malicious | Unknown
    • 34.117.186.192
    • 104.26.4.15
  May-Document-6_2024-5011.xlsx | malicious | Unknown
    • 34.117.186.192
    • 104.26.4.15
  May-Document-6_2024-7381.xlsx | malicious | Unknown
    • 34.117.186.192
    • 104.26.4.15
No context
Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2298896
Entropy (8bit): 7.943949707127546
Encrypted: false
SSDEEP: 49152:JZZ2yJFMXgNp/R21ABbgdThoxEN2lcHmNNQfwo:JZZF7N1ROABbgdThog24fwo
MD5: 2CF4B5CF327757376E717AB5554B921B
SHA1: 020751E48F382DBD25341228E0ACF66818428B12
SHA-256: A275C369EF53EBA4655CA43244E230FD7B38E45DBF25FC0B614918A58B3D07A6
SHA-512: CECCBEAF87660EA08D9BDC5804546C16A2ABEA4F73C8F80345E711CF5C4A8AB9330CA64022B890457187BDE83DE2687177CB50C1A4FC1BF9D49054510E2418FA
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 47%
Reputation: low
Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......j.....s...s...s.e.p.%.s.e.v...s.e.t./.s..y..*.s..yw.=.s..yp.4.s..yv.u.s.e.w.6.s.e.u./.s.e.r.5.s...r...s..zz.2.s..z../.s..../.s..zq./.s.Rich..s.................PE..L....96f...............'............X`P...........@...........................h......#...@..................................Q.......p........................h..............................`...............................6..@................... ........................... ..` 2~..........................@..@ 0I...P......................@... .........r..................@..@ X....p...L...D..............@..B.vm_sec..@.......@..................@....idata.......P......................@....tls.........`...........................rsrc........p......................@..@.themida. 5..@......................`....boot....t...`P..t..................`..`.reloc........h.......#.

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 26
Entropy (8bit): 3.95006375643621
Encrypted: false
SSDEEP: 3:ggPYV:rPYV
MD5: 187F488E27DB4AF347237FE461A079AD
SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512: 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious: false
Reputation: high, very likely benign file
Preview: [ZoneTransfer]....ZoneId=0

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 1.0528304363184986
Encrypted: false
SSDEEP: 192:QKlcZzR8D107ETl6E6jjyZrofxjPzuiFGZ24IO826t:t2ReW7ET4jLPzuiFGY4IO8p
MD5: 55FFA6AEB68627E18595895A40485121
SHA1: AE5696883F3C06E49D31DAB177D1223C6B39CFC4
SHA-256: 859047D27DE298B2397FF427B2C29AF186EA31070DE9401F1C329CD172538B29
SHA-512: 2E80144AC3251CA2BB9172822638597460BF76D3AFD7EE184AFFC904EA3B6E3109113FB3A23DA9A9EB9575F6D1D3BA455A4FF6004464D654BE28A285BDFB11D8
Malicious: false
Reputation: low
Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.9.5.1.1.9.4.4.6.4.0.4.1.8.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.9.5.1.1.9.4.7.3.7.4.7.9.2.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.1.0.e.e.0.7.6.-.0.e.1.e.-.4.d.c.2.-.a.8.2.1.-.2.2.b.2.c.b.2.9.4.1.4.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.1.5.d.0.5.d.5.-.3.0.6.1.-.4.1.2.9.-.b.2.8.3.-.c.d.1.2.b.c.0.3.2.a.6.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.M.P.G.P.H.1.3.1...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.C.r.o.s.s.D.e.v.i.c.e.S.e.t.t.i.n.g.s.H.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.2.0.-.0.0.0.1.-.0.0.1.5.-.1.c.2.f.-.5.e.9.f.0.d.a.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.6.7.a.b.c.f.8.d.6.c.2.5.2.9.7.e.d.9.7.2.3.e.f.1.6.c.3.8.f.3.6.0.0.0.0.0.9.1.0.!.0.0.0.0.0.2.0.7.5.1.e.4.8.f.3.8.2.d.b.d.2.5.3.4.1.2.
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65536
                                                                                                                                      Entropy (8bit):1.0564993166343377
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:kz2FyGpe0AYvcjyZrosLZuzuiFGZ24IO8w:DFyGpFAYvcjyuzuiFGY4IO8w
                                                                                                                                      MD5:2496724ADC3F946A9EC4B66BA7F8E3AF
                                                                                                                                      SHA1:413DB74471545DB74251D665B0E2655A98368916
                                                                                                                                      SHA-256:1E7358379E3E413E7E0B108224F599DA60E1D0ED170F5589194853F8B52601B7
                                                                                                                                      SHA-512:24698623A0845B1E59CC4229900A1CABDE1FB8536D0D869AC4F2B36BB2129D2C945B4792966B41CFFEB6854C34193AA13EEEA0EEB9E4E0900225A9D41B80EC3F
                                                                                                                                      Malicious:false
                                                                                                                                      Reputation:low
                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.9.5.1.1.9.4.1.3.6.0.7.6.5.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.9.5.1.1.9.4.2.2.2.0.1.4.4.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.9.d.6.8.8.8.b.-.1.5.0.9.-.4.a.5.6.-.a.e.b.6.-.1.b.7.4.a.d.a.7.2.8.8.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.5.f.d.3.c.5.f.-.9.2.a.3.-.4.a.c.1.-.9.2.8.f.-.3.f.d.9.c.e.1.f.1.b.7.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.b.U.H.M.q.5.4.m.6.Q...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.C.r.o.s.s.D.e.v.i.c.e.S.e.t.t.i.n.g.s.H.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.9.c.-.0.0.0.1.-.0.0.1.5.-.9.5.8.0.-.b.d.9.d.0.d.a.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.6.7.a.b.c.f.8.d.6.c.2.5.2.9.7.e.d.9.7.2.3.e.f.1.6.c.3.8.f.3.6.0.0.0.0.0.9.1.0.!.0.0.0.0.0.2.0.7.5.1.e.4.8.f.3.8.2.d.b.d.2.5.3.4.
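The two Report.wer records above are WerFault's crash metadata for the dropped copy (MPGPH131.exe) and for the submitted sample (bUHMq54m6Q.exe). Both declare OriginalFilename=CrossDeviceSettingsHost.exe, the name of a Windows component, while running under different names, both report Wow64Host=34404 and Wow64Guest=332 (0x8664 and 0x14c: a 32-bit image under WOW64 on an x64 host, which is why WerFault runs from SysWOW64), and in both the digits after "!" in TargetAppId begin with zero padding followed by the start of the sample's SHA-1 (020751e48f...). The Python below is an added triage example, not part of the Joe Sandbox report: it decodes such a file and surfaces those three points. The two inputs are rebuilt from the visible previews; TargetAppId is kept truncated exactly where the preview is, and the four-zero padding width is an assumption drawn from these two reports only.

```python
"""Triage of WER Report.wer files dropped by WerFault.exe (added example)."""
from typing import Dict, List

# IMAGE_FILE_MACHINE_* values; WER writes Wow64Host/Wow64Guest as decimal.
MACHINE_TYPES = {0x14C: "i386", 0x8664: "AMD64", 0xAA64: "ARM64"}


def build_wer(pairs: List[str]) -> bytes:
    """Encode key=value lines the way WER stores them: BOM + UTF-16LE + CRLF."""
    return ("\ufeff" + "\r\n".join(pairs) + "\r\n").encode("utf-16-le")


# Constructed from the first preview (crash of C:\ProgramData\MPGPH131\MPGPH131.exe).
REPORT_MPGPH131 = build_wer([
    "Version=1", "EventType=APPCRASH", "EventTime=133595119446404189", "ReportType=2",
    "Wow64Host=34404", "Wow64Guest=332",
    "NsAppName=MPGPH131.exe", "OriginalFilename=CrossDeviceSettingsHost.exe",
    "TargetAppId=W:0006e67abcf8d6c25297ed9723ef16c38f3600000910!0000020751e48f382dbd253412",
])
# Constructed from the second preview (crash of the sample itself).
REPORT_SAMPLE = build_wer([
    "Version=1", "EventType=APPCRASH", "EventTime=133595119413607658", "ReportType=2",
    "Wow64Host=34404", "Wow64Guest=332",
    "NsAppName=bUHMq54m6Q.exe", "OriginalFilename=CrossDeviceSettingsHost.exe",
    "TargetAppId=W:0006e67abcf8d6c25297ed9723ef16c38f3600000910!0000020751e48f382dbd2534",
])
SAMPLE_SHA1 = "020751e48f382dbd25341228e0acf66818428b12"  # from General Information


def parse_wer(blob: bytes) -> Dict[str, str]:
    """Decode a Report.wer blob into a dict; tolerates BOM, CRLF and blank lines."""
    text = blob.decode("utf-16-le", errors="replace").lstrip("\ufeff")
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def machine_name(value: str) -> str:
    try:
        return MACHINE_TYPES.get(int(value), f"unknown({value})")
    except ValueError:
        return f"unknown({value})"


def target_matches_sha1(target_app_id: str, sha1: str) -> bool:
    """True if the hex after '!' in TargetAppId is consistent with sha1.

    The previews are truncated, so a prefix match in either direction is accepted
    after dropping up to four leading pad zeros (assumed padding width)."""
    if "!" not in target_app_id:
        return False
    tail = target_app_id.split("!", 1)[1].lower()
    sha1 = sha1.lower()
    for pad in range(5):
        candidate = tail[pad:]
        if len(candidate) >= 8 and (sha1.startswith(candidate) or candidate.startswith(sha1)):
            return True
    return False


def triage(fields: Dict[str, str], sample_sha1: str) -> Dict[str, object]:
    ns_app = fields.get("NsAppName", "")
    original = fields.get("OriginalFilename", "")
    return {
        "event": fields.get("EventType", ""),
        "process": ns_app,
        "claims_to_be": original,
        # On-disk name differing from the VERSIONINFO OriginalFilename is a
        # masquerading indicator; here two differently named copies both claim
        # the name of a Windows component.
        "name_mismatch": bool(ns_app and original and ns_app.lower() != original.lower()),
        "host_arch": machine_name(fields.get("Wow64Host", "")),
        "guest_arch": machine_name(fields.get("Wow64Guest", "")),
        "target_is_sample": target_matches_sha1(fields.get("TargetAppId", ""), sample_sha1),
    }


if __name__ == "__main__":
    for blob in (REPORT_MPGPH131, REPORT_SAMPLE):
        print(triage(parse_wer(blob), SAMPLE_SHA1))
```

Point the script at real files with `triage(parse_wer(open(path, "rb").read()), sha1)`; the name-mismatch check is the one worth alerting on, since legitimate software almost never crashes under a name that differs from its own OriginalFilename.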
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Mon May 6 23:32:21 2024, 0x1205a4 type
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):121480
                                                                                                                                      Entropy (8bit):1.855363340823153
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:DD+AADAd0Ftvk7wkhOv0YASdEGG3qAJzlZI0BaQfK+rF9z2:DD+he0FtvcU0YASrobaE9z
                                                                                                                                      MD5:D265223288CCD39728494EDACC4D45CD
                                                                                                                                      SHA1:4EC0FD691CD4E11EAD031D358DCFBF6A5C1E79E1
                                                                                                                                      SHA-256:3A1EE8B072CC72BC32AEDC6A301DC67B033B20CB4F6E4606AF43E0611AA6027A
                                                                                                                                      SHA-512:19C823276AD1500C61CE121857EC766FED99485B43E0491417FAEDFEE9A8630BEEEDAF7C4AB0B3F2000ABAF116B28B34B5C0C1D724A8E9A339B268B7A071117F
                                                                                                                                      Malicious:false
                                                                                                                                      Reputation:low
                                                                                                                                      Preview:MDMP..a..... ........h9f............................(.......l....#...........O..........`.......8...........T...........HJ..@...........,$...........&..............................................................................eJ.......&......GenuineIntel............T...........zh9f.............................0..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8396
                                                                                                                                      Entropy (8bit):3.708401782548626
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:R6l7wVeJBM6GKrP56Y2DDSU/yAgmfsJlyprw89btOsfKEPm:R6lXJ66PP56YeSUqAgmfsJlKtNfK
                                                                                                                                      MD5:BFF72A7437A4CFE9B3A33B115D4942B4
                                                                                                                                      SHA1:8296D052352D269EADE7E733B3B1C6BE03531913
                                                                                                                                      SHA-256:AE160FD624E0970377AF57CA774FAFDFCBF04F5819A2538C99F29860D75D9418
                                                                                                                                      SHA-512:4A2CEDDC0AAEB1DEEE590F581DD15059DDC4CCDA200452DD43A4B87F3312B30FC318DB4ACF2614B0C086B50272B47CF640A544BBA6678163593815AE84D8D967
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.5.5.6.<./.P.i.
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4728
                                                                                                                                      Entropy (8bit):4.5356433746061215
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:cvIwWl8zshQJg77aI9rCBWpW8VYAYm8M4JkNFN9z+q8Yf5+EQyffd:uIjfsI74Q7VgJqzRPQynd
                                                                                                                                      MD5:D52E3C37BBCBDD516F70697AC8B54A96
                                                                                                                                      SHA1:975DE1864954B059C8D6F50837E9526627C2FCB3
                                                                                                                                      SHA-256:28435826EB843D3C8F5F29C60181A36224782383BCF8B26141C324E232324EC2
                                                                                                                                      SHA-512:5D1673CA7EE38D7C0EEC780AD44D501F8E467C611ED38B8AA202ECEC840F74607DC02E2EB70CE07E8C01FEFC058CD92208AC0B2961CE00C2F21C7166BEF8E07A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="311915" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Mon May 6 23:32:25 2024, 0x1205a4 type
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):110138
                                                                                                                                      Entropy (8bit):1.9059204889344317
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:1Y+sf5xZhwFtvF6VIpZdoVq3VorSJgX16lUHtFB9F1FqEOUw8xNvtz+7kpU:1Y+sB/+FtvF6kZde1jz+e
                                                                                                                                      MD5:3A3C0CE18EF40D4E92E7C7EF400F0EE8
                                                                                                                                      SHA1:A7B1ADF42CA16E93E32D0164D91D91F749CF5634
                                                                                                                                      SHA-256:063504D6E121A76A6CA07CBDDC067EFB18EA8840028299F85A2D8E2592FE28E6
                                                                                                                                      SHA-512:6F7D883A74620053431694C42B4A5CB83340FA69760F374D1DFB84F8C4650E455AB3034574CCC12EE34BFF9925CEC612C0289E9FB0E48B9250BFA2811C9E3B00
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MDMP..a..... ........h9f....................................l...`#...........I..........`.......8...........T............I...d...........#...........%..............................................................................eJ......P&......GenuineIntel............T....... ...|h9f.............................0..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6362
                                                                                                                                      Entropy (8bit):3.7263411812944227
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:R6l7wVeJKuD6nYi5JlDRprq89bAnsfkAm:R6lXJH6nYSJlzAsfy
                                                                                                                                      MD5:6A14978891945B9E38AC53D5780B96EE
                                                                                                                                      SHA1:2DCDB9B3AE42ACAC20BA24F2708601D1234962AE
                                                                                                                                      SHA-256:61BF7B38559DD5F584E31F7344B0BA23A363C59A6280FB571C73A1C2013E2A1E
                                                                                                                                      SHA-512:C9A8545A9119AF1C63531F023D104ADF3098A75DDC4637295468C66C457A5C02EF0A4583F83BC06DF79BC84E3B0E507AF0546D76017F268708CE7FD03167AB27
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.8.9.6.<./.P.i.
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4718
                                                                                                                                      Entropy (8bit):4.523696716084494
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:cvIwWl8zshQJg77aI9rCBWpW8VYmYm8M4JkteF6I+q80v0S5+71lwfd:uIjfsI74Q7VyJ/VA1l+d
                                                                                                                                      MD5:5CFBE0ADA8596312330D36347D38BFC8
                                                                                                                                      SHA1:F5C3AEED32ADDD63E4FA0B1A87E8C00AC2EC7BE3
                                                                                                                                      SHA-256:164763BF3B7E5CACB0CB189AB3E7D8235E6B0CD97DE6985C03953D21127826D7
                                                                                                                                      SHA-512:0B666C4E159C55B786FC002D513756A672049EE3810FFF8ECC1B47244C0F3AF9CC68A42B05ED76ADBDF6A276599E0A4F1AC98A1676DF647DB79FEAB20B9B4B4C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="311915" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                      Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2298896
                                                                                                                                      Entropy (8bit):7.943949707127546
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:JZZ2yJFMXgNp/R21ABbgdThoxEN2lcHmNNQfwo:JZZF7N1ROABbgdThog24fwo
                                                                                                                                      MD5:2CF4B5CF327757376E717AB5554B921B
                                                                                                                                      SHA1:020751E48F382DBD25341228E0ACF66818428B12
                                                                                                                                      SHA-256:A275C369EF53EBA4655CA43244E230FD7B38E45DBF25FC0B614918A58B3D07A6
                                                                                                                                      SHA-512:CECCBEAF87660EA08D9BDC5804546C16A2ABEA4F73C8F80345E711CF5C4A8AB9330CA64022B890457187BDE83DE2687177CB50C1A4FC1BF9D49054510E2418FA
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......j.....s...s...s.e.p.%.s.e.v...s.e.t./.s..y..*.s..yw.=.s..yp.4.s..yv.u.s.e.w.6.s.e.u./.s.e.r.5.s...r...s..zz.2.s..z../.s..../.s..zq./.s.Rich..s.................PE..L....96f...............'............X`P...........@...........................h......#...@..................................Q.......p........................h..............................`...............................6..@................... ........................... ..` 2~..........................@..@ 0I...P......................@... .........r..................@..@ X....p...L...D..............@..B.vm_sec..@.......@..................@....idata.......P......................@....tls.........`...........................rsrc........p......................@..@.themida. 5..@......................`....boot....t...`P..t..................`..`.reloc........h.......#.
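The record above is the sample copying itself: identical MD5/SHA-1/SHA-256 to the submitted file, entropy 7.94, and a section table whose preview shows .vm_sec, .themida and .boot next to the standard .idata, .tls, .rsrc and .reloc (the report also flags a section name with special characters). Those names are the ones Themida/WinLicense-protected binaries carry, and near-8.0 entropy is what a protector's encrypted code looks like. The Python below is an added example, not code from the Joe Sandbox report: a stdlib-only walk of the PE section table that reports per-section entropy, non-printable names, protector section names and writable-plus-executable sections. Because the sample's bytes are not on the page, it runs against a constructed minimal PE32 with synthetic section contents and the same kind of names; the UPX and VMProtect names in the lookup set are an added generalisation, not taken from this report.

```python
"""Section-table triage of a dropped PE (added example, stdlib only)."""
import math
import random
import struct
from collections import Counter
from typing import Dict, List, Tuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# .themida/.boot/.vm_sec are the names in this sample's preview; UPX and VMProtect
# names are added so the check is useful beyond this one file (assumption).
PACKER_SECTION_NAMES = {".themida", ".boot", ".vm_sec", "upx0", "upx1", ".vmp0", ".vmp1"}
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
HIGH_ENTROPY = 7.2  # bits per byte; packed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> List[Dict[str, object]]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # 4 (signature) + 20 (COFF) + optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, chars = SECTION_HEADER.unpack_from(pe, table + 40 * i)
        stripped = name.rstrip(b"\0")
        sections.append({
            "name": stripped.decode("latin-1"),
            # Anything outside printable ASCII is what the report calls "special chars".
            "special_chars": any(b < 0x20 or b > 0x7E for b in stripped),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": raw_size, "raw_ptr": raw_ptr, "characteristics": chars,
        })
    return sections


def analyse(pe: bytes) -> List[Dict[str, object]]:
    """Attach entropy and triage flags to every section."""
    out = []
    for s in parse_sections(pe):
        raw = pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        ent = shannon_entropy(raw)
        flags = []
        if s["name"].lower() in PACKER_SECTION_NAMES:
            flags.append("packer-section-name")
        if s["special_chars"]:
            flags.append("non-printable-name")
        if ent > HIGH_ENTROPY and len(raw) >= 1024:
            flags.append("high-entropy")
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            flags.append("writable-and-executable")
        out.append({**s, "entropy": round(ent, 3), "flags": flags})
    return out


def build_pe(sections: List[Tuple[bytes, bytes, int]]) -> bytes:
    """Minimal PE32 (no imports, no entry point) from (name, raw data, characteristics)
    triples; only the header fields the parser reads are populated."""
    file_align, opt_size = 512, 224
    headers = 64 + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = -(-headers // file_align) * file_align
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size); struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table, body, vaddr = b"", b"", 0x1000
    for name, data, chars in sections:
        padded = data + b"\0" * (-len(data) % file_align)
        table += SECTION_HEADER.pack(name[:8].ljust(8, b"\0"), len(data), vaddr, len(padded), raw_ptr, 0, 0, 0, 0, chars)
        body += padded
        raw_ptr += len(padded)
        vaddr += -(-len(padded) // 0x1000) * 0x1000
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return image + b"\0" * (-len(image) % file_align) + body


RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
RWX = RX | IMAGE_SCN_MEM_WRITE
RW = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
_rng = random.Random(2024)  # seeded: the "packed" bytes are synthetic, not the sample's
_rand = lambda n: bytes(_rng.getrandbits(8) for _ in range(n))
SAMPLE_PE = build_pe([  # constructed stand-in for the dropped file
    (b".themida", _rand(4096), RX),
    (b".boot", _rand(4096), RWX),
    (b".vm_sec", _rand(2048), RWX),
    (b"\x01\x02\x7f\xfe", b"\x90" * 512, RX),  # non-printable section name
    (b".idata", b"\0" * 512, RW),
])

if __name__ == "__main__":
    for s in analyse(SAMPLE_PE):
        print(f'{s["name"]!r:18} raw={s["raw_size"]:6} entropy={s["entropy"]:.3f} {s["flags"]}')
```

Run `analyse(open(path, "rb").read())` on a real dropped file; a section that is both writable and executable with near-8.0 entropy and a protector name is the unpacking stub plus its encrypted payload, so dynamic analysis (as the report did) rather than static string scanning is the right next step.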
                                                                                                                                      Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):26
                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 2860
Entropy (8bit): 7.739784447128016
Encrypted: false
SSDEEP: 48:9raVXZV//QWGPvcpJVfMR7kl8QbBHy3Rrl735OS1hcj8xNnDyBZVYun3KJ67k0Oj:yZV//Q1vcGQdHA30MNIzYu3KJZ
MD5: CC7DEAFED3A6A0D17C8B8648F48BBB28
SHA1: F132D9ADBFC2BD3D5605BCC2E9E5C1B06CA0A800
SHA-256: 6E29C3B738F43B9F11E9ACA40DA25E96C0FB91C23C6370AE0E3BBE9EF5E8D28F
SHA-512: B930BD3E8E8B96ECAF0A1C30617CDFE0DB25918E1586286FC672A975723ED5B7D42FACD7DBD5F4F8C29B51E1C5DF760E126816BEB41EC661844A9BF56E1CD209
Malicious: true
Yara Hits:
• Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\NoSoV6eJxRbhlNXMC2XnYgm.zip, Author: Joe Security
Preview: PK (ZIP local file header); readable entry names: Cookies\, Cookies\Chrome_Default.txt, information.txt; remaining binary content omitted

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: modified
Size (bytes): 2860
Entropy (8bit): 7.720862667626285
Encrypted: false
SSDEEP: 48:9BarXZV//QWGPvcUVwNupS38FlwH5uuErj7qL8V2jm49zieHkzuXYzS3M/dRn3K6:6ZV//Q1vcUOIpSRTUZA99HFIzVT3KJ4
MD5: 7BAAF6EFC43F0561B018A102B243D445
SHA1: F4061F8E1B37F9954E0A59E17592485CABD22721
SHA-256: F1C1160A830CE3BDB771D6707C576A3773E82D56E7A13453C3F40776D04E68B7
SHA-512: 8DBE7AA30E74E36DD64C1493DA4DA71FCE6D44CA3C378E2587326E734929654F6D906D7BA74994C37C09CAB7287B2868C70790B8A5BCDCB64E0022656A5805E0
Malicious: true
Yara Hits:
• Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\eK26yDxmyAbMrjg7CdmfOmj.zip, Author: Joe Security
Preview: PK (ZIP local file header); readable entry names: Cookies\, Cookies\Chrome_Default.txt, information.txt; remaining binary content omitted

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 2.6612262562697895
Encrypted: false
SSDEEP: 3:LsXUW:wUW
MD5: D0A75EBFF72FA9B67AA2874A9CEF49CB
SHA1: 1321F58A68CAAF00627A03FA4E1D2C274B115757
SHA-256: 1D30EA87A95BC86360BD27D6F5399E126E4B2B135AC5BF437AD2FD213CE807B9
SHA-512: 95E55D568E8C4561468BDEEBFA6295701D009796FF0BDF5F949A09499540E3788D3FF697FF256760A069FD7FD4FC5B8E7690CA5921BAB76DD52D8B2E002DA394
Malicious: false
Preview: 1715044508013

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.08235737944063153
Encrypted: false
SSDEEP: 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5: 369B6DD66F1CAD49D0952C40FEB9AD41
SHA1: D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256: 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512: 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious: false
Preview: SQLite format 3 (remaining binary content omitted)

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 5242880
Entropy (8bit): 0.0357803477377646
Encrypted: false
SSDEEP: 192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5: 76D181A334D47872CD2E37135CC83F95
SHA1: B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256: 52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512: 23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious: false
Preview: SQLite format 3 (remaining binary content omitted)

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 155648
Entropy (8bit): 0.5407252242845243
Encrypted: false
SSDEEP: 96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5: 7B955D976803304F2C0505431A0CF1CF
SHA1: E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256: 987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512: CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious: false
Preview: SQLite format 3 (remaining binary content omitted)

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 106496
Entropy (8bit): 1.136471148832945
Encrypted: false
SSDEEP: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5: 37B1FC046E4B29468721F797A2BB968D
SHA1: 50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256: 7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512: 1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious: false
Preview: SQLite format 3 (remaining binary content omitted)

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 5242880
Entropy (8bit): 0.0357803477377646
Encrypted: false
SSDEEP: 192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5: 76D181A334D47872CD2E37135CC83F95
SHA1: B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256: 52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512: 23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious: false
Preview: SQLite format 3 (remaining binary content omitted)

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 159744
Entropy (8bit): 0.5394293526345721
Encrypted: false
SSDEEP: 96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5: 52701A76A821CDDBC23FB25C3FCA4968
SHA1: 440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256: D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512: 2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious: false
Preview: SQLite format 3 (remaining binary content omitted)

Process: C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1239949490932863
Encrypted: false
SSDEEP: 384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5: 271D5F995996735B01672CF227C81C17
SHA1: 7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256: 9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512: 62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious: false
Preview: SQLite format 3 (remaining binary content omitted)

Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):40960
Entropy (8bit):0.8553638852307782
Encrypted:false
SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:28222628A3465C5F0D4B28F70F97F482
SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):106496
Entropy (8bit):1.136471148832945
Encrypted:false
SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:37B1FC046E4B29468721F797A2BB968D
SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6732424250451717
Encrypted:false
SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):106496
Entropy (8bit):1.136471148832945
Encrypted:false
SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:37B1FC046E4B29468721F797A2BB968D
SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:dropped
Size (bytes):196608
Entropy (8bit):1.1239949490932863
Encrypted:false
SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:271D5F995996735B01672CF227C81C17
SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):40960
Entropy (8bit):0.8553638852307782
Encrypted:false
SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:28222628A3465C5F0D4B28F70F97F482
SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):20480
Entropy (8bit):0.8508558324143882
Encrypted:false
SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5:933D6D14518371B212F36C3835794D75
SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):155648
Entropy (8bit):0.5407252242845243
Encrypted:false
SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:7B955D976803304F2C0505431A0CF1CF
SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:dropped
Size (bytes):196608
Entropy (8bit):1.1239949490932863
Encrypted:false
SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:271D5F995996735B01672CF227C81C17
SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:false
Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):159744
Entropy (8bit):0.5394293526345721
Encrypted:false
SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:52701A76A821CDDBC23FB25C3FCA4968
SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):51200
                                                                                                                                      Entropy (8bit):0.8745947603342119
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                      MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                      SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                      SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                      SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
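The File Type lines above are derived from the 100-byte SQLite 3 file header, which the stealer copies verbatim when it drops browser and mail databases. The following is an added example, not part of the Joe Sandbox report or of the sample, that parses that header and rebuilds the same summary string (page size, file counter, database pages, cookie, schema, encoding, version-valid-for, SQLite version), checks whether the header's page count agrees with the dropped file's size, and computes the 8-bit Shannon entropy listed beside each file. The sample header is constructed in code from the values of the entry directly above (page size 2048, file counter 2, 25 pages, cookie 0xe, 51200 bytes); it is not a real dropped file.

```python
"""Triage helper for dropped SQLite databases: parse the 100-byte header,
reproduce the report's File Type summary, and compute 8-bit entropy.
Added example; field layout follows the public SQLite file-format spec."""
import math
import struct
from collections import Counter
from dataclasses import dataclass

SQLITE_MAGIC = b"SQLite format 3\x00"
TEXT_ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}


@dataclass(frozen=True)
class SQLiteHeader:
    page_size: int
    write_version: int        # byte 18: 1 = legacy (rollback journal), 2 = WAL
    read_version: int         # byte 19: same encoding
    file_change_counter: int  # offset 24
    database_pages: int       # offset 28: size of the database in pages
    schema_cookie: int        # offset 40
    schema_format: int        # offset 44
    text_encoding: str        # offset 56: 1/2/3 mapped via TEXT_ENCODINGS
    user_version: int         # offset 60 (PRAGMA user_version)
    version_valid_for: int    # offset 92
    sqlite_version: int       # offset 96: SQLITE_VERSION_NUMBER of last writer

    def describe(self) -> str:
        """Render the header in the field order used by the report's File Type lines."""
        parts = ["SQLite 3.x database"]
        if self.user_version:
            parts.append(f"user version {self.user_version}")
        parts.append(f"last written using SQLite version {self.sqlite_version}")
        parts.append(f"page size {self.page_size}")
        if self.write_version != 1 or self.read_version != 1:
            parts.append(f"writer version {self.write_version}")
            parts.append(f"read version {self.read_version}")
        parts.append(f"file counter {self.file_change_counter}")
        parts.append(f"database pages {self.database_pages}")
        parts.append(f"cookie {self.schema_cookie:#x}")
        parts.append(f"schema {self.schema_format}")
        parts.append(self.text_encoding)
        parts.append(f"version-valid-for {self.version_valid_for}")
        return ", ".join(parts)

    def expected_size(self) -> int:
        """Bytes the header claims the database occupies (pages * page size)."""
        return self.page_size * self.database_pages


def parse_sqlite_header(data: bytes) -> SQLiteHeader:
    """Parse the first 100 bytes of an SQLite 3 database; all integers are big-endian."""
    if len(data) < 100 or data[:16] != SQLITE_MAGIC:
        raise ValueError("not an SQLite 3 database (bad magic or short header)")
    raw_page_size = struct.unpack_from(">H", data, 16)[0]
    page_size = 65536 if raw_page_size == 1 else raw_page_size  # the value 1 encodes 65536
    write_version, read_version = data[18], data[19]
    (change_counter, db_pages, _freelist_trunk, _freelist_count,
     schema_cookie, schema_format, _cache_size, _largest_root,
     text_enc, user_version, _inc_vacuum, _app_id) = struct.unpack_from(">12I", data, 24)
    version_valid_for, sqlite_version = struct.unpack_from(">2I", data, 92)
    return SQLiteHeader(page_size, write_version, read_version, change_counter, db_pages,
                        schema_cookie, schema_format,
                        TEXT_ENCODINGS.get(text_enc, f"encoding {text_enc}"),
                        user_version, version_valid_for, sqlite_version)


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, 0.0 for uniform content, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_sample_header(*, page_size=2048, wal=False, change_counter=2, pages=25,
                        schema_cookie=0xE, schema_format=4, text_encoding=1,
                        user_version=0, sqlite_version=3042000) -> bytes:
    """Constructed header for demonstration (not a real dropped file); defaults copy one File Type line."""
    hdr = bytearray(100)
    hdr[:16] = SQLITE_MAGIC
    struct.pack_into(">H", hdr, 16, 1 if page_size == 65536 else page_size)
    hdr[18] = hdr[19] = 2 if wal else 1
    hdr[20:24] = bytes([0, 64, 32, 32])  # reserved bytes/page and payload fractions; 64 is the '@' in the Preview column
    struct.pack_into(">12I", hdr, 24, change_counter, pages, 0, 0, schema_cookie, schema_format,
                     0, 0, text_encoding, user_version, 0, 0)
    struct.pack_into(">2I", hdr, 92, change_counter, sqlite_version)
    return bytes(hdr)


def triage(data: bytes, file_size: int) -> dict:
    """Summarise a dropped file the way an analyst would compare it against the report."""
    hdr = parse_sqlite_header(data)
    return {
        "file_type": hdr.describe(),
        "size_matches_header": hdr.expected_size() == file_size,
        "header_entropy": round(shannon_entropy(data), 4),
    }


if __name__ == "__main__":
    print(triage(build_sample_header(), 51200))
```

For the entry above, 25 pages of 2048 bytes is exactly the reported 51200 bytes, so the header and the file agree. Not every entry in this list does: the 5242880-byte databases report 46 pages of 32768 bytes, which is 1507328 bytes, so the file is larger than the header accounts for. That is a prompt to look closer (a preallocated or partially copied database, for instance), not a verdict on its own. Entropy near zero, as for most entries here, simply reflects sparse, mostly zero-filled database pages; it does not indicate encryption.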
                                                                                                                                      Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):98304
                                                                                                                                      Entropy (8bit):0.08235737944063153
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):40960
                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5242880
                                                                                                                                      Entropy (8bit):0.0357803477377646
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                      MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                      SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                      SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                      SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):196608
                                                                                                                                      Entropy (8bit):1.1239949490932863
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                      MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                      SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                      SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                      SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5242880
                                                                                                                                      Entropy (8bit):0.0357803477377646
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                      MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                      SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                      SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                      SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):155648
                                                                                                                                      Entropy (8bit):0.5407252242845243
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                      MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                      SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                      SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                      SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20480
                                                                                                                                      Entropy (8bit):0.8508558324143882
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                      MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                      SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                      SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                      SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 40960
Entropy (8bit): 0.8553638852307782
Encrypted: false
SSDEEP: 48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5: 28222628A3465C5F0D4B28F70F97F482
SHA1: 1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256: 93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512: C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 106496
Entropy (8bit): 1.136471148832945
Encrypted: false
SSDEEP: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5: 37B1FC046E4B29468721F797A2BB968D
SHA1: 50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256: 7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512: 1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious: false
Preview: SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 20480
Entropy (8bit): 0.6732424250451717
Encrypted: false
SSDEEP: 24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5: CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1: 3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256: EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512: 0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 159744
Entropy (8bit): 0.5394293526345721
Encrypted: false
SSDEEP: 96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5: 52701A76A821CDDBC23FB25C3FCA4968
SHA1: 440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256: D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512: 2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious: false
Preview: SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 51200
Entropy (8bit): 0.8745947603342119
Encrypted: false
SSDEEP: 96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5: 378391FDB591852E472D99DC4BF837DA
SHA1: 10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256: 513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512: F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 159744
Entropy (8bit): 0.5394293526345721
Encrypted: false
SSDEEP: 96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5: 52701A76A821CDDBC23FB25C3FCA4968
SHA1: 440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256: D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512: 2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious: false
Preview: SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 106496
Entropy (8bit): 1.136471148832945
Encrypted: false
SSDEEP: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5: 37B1FC046E4B29468721F797A2BB968D
SHA1: 50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256: 7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512: 1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious: false
Preview: SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 106496
Entropy (8bit): 1.136471148832945
Encrypted: false
SSDEEP: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5: 37B1FC046E4B29468721F797A2BB968D
SHA1: 50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256: 7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512: 1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious: false
Preview: SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 155648
Entropy (8bit): 0.5407252242845243
Encrypted: false
SSDEEP: 96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5: 7B955D976803304F2C0505431A0CF1CF
SHA1: E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256: 987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512: CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious: false
Preview: SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\ProgramData\MPGPH131\MPGPH131.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1239949490932863
Encrypted: false
SSDEEP: 384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5: 271D5F995996735B01672CF227C81C17
SHA1: 7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256: 9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512: 62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious: false
Preview: SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
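Each "File Type" line above is file(1)'s reading of the 100-byte SQLite header: the SQLite version that last wrote the file, the page size, the file change counter, the in-header page count, the schema cookie, the schema format, the text encoding and the version-valid-for counter. The entries that print no page size are exactly those whose size is 4096 bytes times the page count (20480 = 5 x 4096, 159744 = 39 x 4096, 155648 = 38 x 4096), consistent with the default page size being left out; the 196608-byte entry, by contrast, claims 89 pages of 2048 bytes, which is 182272 bytes, so for that file the in-header size and the on-disk size disagree and the header alone should not be trusted. Because this extract does not carry the dropped files' paths, the quickest way to tell a copied Login Data from a History or Cookies store is the table names inside it. The following Python is an added example, not code from the Joe Sandbox report or from the RisePro sample: it decodes those header fields, recomputes the Size, Entropy (8bit) and MD5/SHA fields (SSDEEP is left out; it needs the ssdeep library), opens the database read-only to list its tables, and runs against a constructed stand-in database. The table-name lookup and the sample database are written here for illustration.

```python
"""Added triage example (not from the Joe Sandbox report): decode the SQLite
header behind the "File Type" line, recompute Size, Entropy (8bit) and the
MD5/SHA digests, and name the browser store from its table names."""
import hashlib
import math
import os
import sqlite3
import struct
import tempfile
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"
TEXT_ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}
# Well-known table names of Chromium/Firefox profile stores; a lookup written
# for this example, not taken from the report.
ARTEFACT_TABLES = {
    "logins": "Chromium 'Login Data' (saved credentials)",
    "cookies": "Chromium 'Cookies'",
    "urls": "Chromium 'History'",
    "autofill": "Chromium 'Web Data' (autofill and payment data)",
    "moz_cookies": "Firefox cookies.sqlite",
    "moz_places": "Firefox places.sqlite (history and bookmarks)",
}
# 100-byte header mirroring the first dropped-file entry above (page size 2048,
# file counter 1, 20 pages, cookie 0xb, schema 4, UTF-8, version-valid-for 1,
# SQLite 3042000); constructed here to exercise the parser.
SAMPLE_HEADER = (SQLITE_MAGIC + struct.pack(">HBBBBBB", 2048, 1, 1, 0, 64, 32, 32)
                 + struct.pack(">IIIIII", 1, 20, 0, 0, 0xB, 4) + bytes(8)
                 + struct.pack(">I", 1) + bytes(32) + struct.pack(">II", 1, 3042000))


def parse_sqlite_header(data: bytes) -> dict:
    """Big-endian header fields at the offsets given by the SQLite file-format
    spec; these are the values file(1) prints on the 'File Type' line."""
    if len(data) < 100 or data[:16] != SQLITE_MAGIC:
        raise ValueError("not an SQLite 3 database")
    page_size = struct.unpack_from(">H", data, 16)[0]
    if page_size == 1:  # the value 1 encodes the maximum page size, 65536
        page_size = 65536
    change_counter, page_count = struct.unpack_from(">II", data, 24)
    schema_cookie, schema_format = struct.unpack_from(">II", data, 40)
    encoding = struct.unpack_from(">I", data, 56)[0]
    version_valid_for, sqlite_version = struct.unpack_from(">II", data, 92)
    return {"page_size": page_size, "file_change_counter": change_counter,
            "page_count": page_count, "schema_cookie": schema_cookie,
            "schema_format": schema_format,
            "text_encoding": TEXT_ENCODINGS.get(encoding, f"unknown({encoding})"),
            "version_valid_for": version_valid_for, "sqlite_version": sqlite_version}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the report's 'Entropy (8bit)': near 0 for zero-padded
    pages, near 8 for compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256", "sha512")}


def list_tables(path: str) -> list:
    """Open read-only (URI mode=ro) so triage never modifies the evidence copy."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        rows = con.execute("SELECT name FROM sqlite_master WHERE type='table'")
        return sorted(r[0] for r in rows)
    finally:
        con.close()


def triage(path: str) -> dict:
    with open(path, "rb") as fh:
        data = fh.read()
    hdr = parse_sqlite_header(data)
    # The in-header page count is only meaningful when version-valid-for equals
    # the change counter; even then compare it with the on-disk size, since a
    # copy of a live database can carry more pages than its header claims.
    trusted = hdr["version_valid_for"] == hdr["file_change_counter"]
    tables = list_tables(path)
    return {"size": len(data), "entropy": round(shannon_entropy(data), 6),
            **digests(data), "header": hdr,
            "header_size_matches": trusted and hdr["page_size"] * hdr["page_count"] == len(data),
            "tables": tables,
            "artefact": sorted({ARTEFACT_TABLES[t] for t in tables if t in ARTEFACT_TABLES})}


def demo() -> dict:
    """Build a constructed stand-in for a copied Chromium 'Login Data' (fake
    content) in a temp dir and return its triage report."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "login_data.db")
        con = sqlite3.connect(path)
        con.execute("PRAGMA page_size=2048")  # must precede the first write
        con.execute("CREATE TABLE meta (key TEXT, value TEXT)")
        con.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, "
                    "password_value BLOB)")
        con.execute("INSERT INTO logins VALUES ('https://example.test', 'alice', x'00')")
        con.commit()
        con.close()
        return triage(path)


if __name__ == "__main__":
    print(demo())
```

Running the file triages the constructed sample; point triage() at a dropped database to get the same fields the report shows, plus the table list. The header_size_matches flag is the check the 196608-byte entry above would fail (8 == 8, but 89 x 2048 is not 196608), so treat its page count as a hint rather than a fact.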

Process:C:\ProgramData\MPGPH131\MPGPH131.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:dropped
Size (bytes):196608
Entropy (8bit):1.1239949490932863
Encrypted:false
SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:271D5F995996735B01672CF227C81C17
SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:false
Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:ASCII text, with very long lines (369), with CRLF line terminators
Category:dropped
Size (bytes):530
Entropy (8bit):6.005544722730675
Encrypted:false
SSDEEP:12:c7F2v4kMx/6UsMbf4/LJPhvkRj6a9kuEYTCRopYxOOVtouEYv:SCJyHXbfQJPh8RdkYiFoYv
MD5:987FB1A1830B0EB5C0D306F8A2DE9981
SHA1:8374E6320AD99C3FF177A9889F1AB75448F6EB19
SHA-256:5EF24A6CE57CA3048431555909EC23CD5494DA76845F84271946442249DDA891
SHA-512:9E2A48264084B79051FC275DD7780A5552B56220459A1CDDBE6F6A307FE0E5759AE20BC243D085D9734153879AC4E66233AB83F92551DD8092EABF85B16F2D15
Malicious:false
Preview:.google.com.TRUE./.TRUE.1712298002.NID.ENC893*_djEwx6CLkXLg8AuSZWCgylmAsMNnd1LSfbcL+IfCgMvX/m5IrzdSwxt6X6n5S6C7wCoUoWvuixZpzrMizGZc5ohIpmsvlOrGTOhFkQ4+lCF6fVH0QNPBBb27o2nXM8em7EAYS1bYZC2LV04SqpgyxJmdfFA7UyWUoK8kFZQDRl0vdOzWdvAoumw2skuCCtJC2oG3z3OYbLTLDbM7wYvVmfDeqtnZRihAAt+ptqI6cfY1a+KO9XP+4XkDSXW7JhsexYHBqzSSBmUisGZ7f9E=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*...google.com.FALSE./.TRUE.1699078840.1P_JAR.ENC893*_djEwZKzV9KAslchfQWnVTck71JHMVRC24lvAWgdl5WpYIXlINsbQSVWzkKU=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*..

Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:ASCII text, with CRLF, LF line terminators
Category:dropped
Size (bytes):6788
Entropy (8bit):5.454511401811121
Encrypted:false
SSDEEP:96:xyONORzSJLcBC1IUlzhge+U8Acf99+KQeTw47OGhLfgAgkM4/DhPigy62/OA61Yg:xYRIL84IUlzhsB
MD5:06FC6A2B56EABC4E7CDD6DE8AC35FB9F
SHA1:88FE1D2F77ACBCCA7A7621611721CF6DD22CE3F9
SHA-256:B0E5B51EE03901CB820B662ADB6337F863E4272A5A06DF904ECE22EA2443BD97
SHA-512:1087D72E81BDC0017052B73839F034C9935AF7EC8545A9B61EA1927E17DFFABD555B1D2F5BE96D0084A5C2336416A0683C8B90C9FCCC22DA99B15BAB7ED78245
Malicious:false
Preview:Build: combo..Version: 2.0....Date: Tue May 7 01:32:17 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 904752e9437da3bfff870d09bb5572b2....Path: C:\Users\user\Desktop\bUHMq54m6Q.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixylgSFE9XfRUKm....IP: 156.146.37.102..Location: US, New York City..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 390120 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 7/5/2024 1:32:17..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [328]..csrss.exe [412]..wininit.exe [488]..csrss.exe [496]..winlogon.exe [560]..services.exe [632]..lsass.exe [652]..svchost.exe [752]..fontdrvhost.exe [780]..fontd

Process:C:\Users\user\Desktop\bUHMq54m6Q.exe
File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
Category:dropped
Size (bytes):4897
Entropy (8bit):2.518316437186352
Encrypted:false
SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
Malicious:false
Preview:................................................................................................................................................................................................................................................................................................................................................

Process:C:\ProgramData\MPGPH131\MPGPH131.exe
File Type:ASCII text, with very long lines (369), with CRLF line terminators
Category:dropped
Size (bytes):530
Entropy (8bit):6.005544722730675
Encrypted:false
SSDEEP:12:c7F2v4kMx/6UsMbf4/LJPhvkRj6a9kuEYTCRopYxOOVtouEYv:SCJyHXbfQJPh8RdkYiFoYv
MD5:987FB1A1830B0EB5C0D306F8A2DE9981
SHA1:8374E6320AD99C3FF177A9889F1AB75448F6EB19
SHA-256:5EF24A6CE57CA3048431555909EC23CD5494DA76845F84271946442249DDA891
SHA-512:9E2A48264084B79051FC275DD7780A5552B56220459A1CDDBE6F6A307FE0E5759AE20BC243D085D9734153879AC4E66233AB83F92551DD8092EABF85B16F2D15
Malicious:false
Preview:.google.com.TRUE./.TRUE.1712298002.NID.ENC893*_djEwx6CLkXLg8AuSZWCgylmAsMNnd1LSfbcL+IfCgMvX/m5IrzdSwxt6X6n5S6C7wCoUoWvuixZpzrMizGZc5ohIpmsvlOrGTOhFkQ4+lCF6fVH0QNPBBb27o2nXM8em7EAYS1bYZC2LV04SqpgyxJmdfFA7UyWUoK8kFZQDRl0vdOzWdvAoumw2skuCCtJC2oG3z3OYbLTLDbM7wYvVmfDeqtnZRihAAt+ptqI6cfY1a+KO9XP+4XkDSXW7JhsexYHBqzSSBmUisGZ7f9E=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*...google.com.FALSE./.TRUE.1699078840.1P_JAR.ENC893*_djEwZKzV9KAslchfQWnVTck71JHMVRC24lvAWgdl5WpYIXlINsbQSVWzkKU=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*..
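The 530-byte dump above (dropped once by bUHMq54m6Q.exe and again, byte-identical, by MPGPH131.exe; MD5 987FB1A1830B0EB5C0D306F8A2DE9981) is laid out like a Netscape cookies.txt file: domain, subdomain flag, path, secure flag, expiry as Unix seconds, cookie name, value. The script below is an added triage example written for this report, not code from the sample or from Joe Sandbox. It assumes the seven fields are tab-separated (the sandbox preview renders the separators as '.'), shortens the opaque "ENC893*_" values in its constructed sample, and takes collection time from the "Date:" stamp of the dropped information file, which that file labels UTC1. For each stolen cookie it reports the expiry in UTC and whether the session was still live when it was taken.

```python
"""Parse a stealer cookie dump in Netscape cookies.txt layout and report
which of the stolen sessions were still live at collection time.

Added example for this report; it is not code from the sample or from Joe
Sandbox.  Assumptions: the 530-byte dump uses the standard tab-separated
seven-field layout (the sandbox preview renders separators as '.'), and
collection time is the Date: stamp of the dropped information file, which
that file labels UTC1."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed from the preview: the two google.com cookies, with the opaque
# "ENC893*_..." values shortened for readability.
SAMPLE_DUMP = (
    ".google.com\tTRUE\t/\tTRUE\t1712298002\tNID\tENC893*_djEwx6CLkX...\r\n"
    ".google.com\tFALSE\t/\tTRUE\t1699078840\t1P_JAR\tENC893*_djEwZKzV9K...\r\n"
)

# "Date: Tue May 7 01:32:17 2024" with "TimeZone: UTC1" from the information file.
COLLECTED_AT = datetime(2024, 5, 7, 1, 32, 17, tzinfo=timezone(timedelta(hours=1)))


@dataclass(frozen=True)
class Cookie:
    domain: str
    include_subdomains: bool
    path: str
    secure: bool
    expires: int  # Unix seconds; 0 marks a session cookie
    name: str
    value: str

    def expires_utc(self) -> datetime:
        return datetime.fromtimestamp(self.expires, tz=timezone.utc)

    def live_at(self, when: datetime) -> bool:
        """Session cookies carry no expiry, so they count as live."""
        return self.expires == 0 or self.expires_utc() > when


def parse_netscape_cookies(text: str) -> list[Cookie]:
    """Netscape layout: domain, subdomain flag, path, secure flag, expiry, name, value."""
    cookies = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '# Netscape HTTP Cookie File' comments
        fields = line.split("\t")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 tab-separated fields, got {len(fields)}")
        domain, sub_flag, path, secure_flag, expires, name, value = fields
        cookies.append(Cookie(domain, sub_flag == "TRUE", path, secure_flag == "TRUE",
                              int(expires), name, value))
    return cookies


def triage(text: str, collected_at: datetime) -> list[dict]:
    """One row per cookie: expiry in UTC, liveness at collection time, and
    whether the value still sits in the stealer's ENC893 wrapper."""
    when = collected_at.astimezone(timezone.utc)
    rows = []
    for c in parse_netscape_cookies(text):
        rows.append({
            "domain": c.domain,
            "name": c.name,
            "expires_utc": c.expires_utc().isoformat(),
            "live_at_collection": c.live_at(when),
            # Values in this dump are not raw cookie values: they carry the
            # stealer's own "ENC893*_" prefix, whose encoding the report does not explain.
            "wrapped_value": c.value.startswith("ENC893*_"),
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_DUMP, COLLECTED_AT):
        status = "LIVE" if row["live_at_collection"] else "expired"
        print(f"{row['domain']:<14} {row['name']:<8} exp={row['expires_utc']}  {status}")
```

Run against the two cookies in the preview, the script reports both as expired before the 7 May 2024 collection time (NID on 5 April 2024, 1P_JAR on 4 November 2023), so this dump contains no live Google session; on a real working directory (the "Work Dir:" path in the information file) a cookie reported LIVE is the one whose session should be revoked first.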

Process:C:\ProgramData\MPGPH131\MPGPH131.exe
File Type:ASCII text, with CRLF, LF line terminators
Category:dropped
Size (bytes):6763
Entropy (8bit):5.453486822202273
Encrypted:false
SSDEEP:96:xysBORzSLcBC1IUlzhge+U8Acf99+KQeTw47OGhLfgAgkM4/DhPigy62/OA61YLv:xWRW84IUlzhPB
MD5:B8958E5F1DE6D63E8AC54C767F4BEF84
SHA1:C4B15EDB99B71BA90A811636B2CAEC9EAC30EC90
SHA-256:A07F9B147FBCC63536AFE4F3F3D7294E1BD64105A4EEBEB2663322F5C6882F61
SHA-512:6BCB2BC14DA4740C943A3EFDF0286183C12A4AE7338281B4EFCCA8DC471C4CA633C0FA9945EB2B7F8E2AFB5EF9FEA032AD11E468C059DE1DD6A0897DABF83365
Malicious:false
Preview:Build: combo..Version: 2.0....Date: Tue May 7 01:32:20 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 904752e9437da3bfff870d09bb5572b2....Path: C:\ProgramData\MPGPH131\MPGPH131.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixyuNssG0kGarHs....IP: 156.146.37.102..Location: US, New York City..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 390120 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 7/5/2024 1:32:20..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [328]..csrss.exe [412]..wininit.exe [488]..csrss.exe [496]..winlogon.exe [560]..services.exe [632]..lsass.exe [652]..svchost.exe [752]..fontdrvhost.exe [780]..fontdrvho

Process:C:\ProgramData\MPGPH131\MPGPH131.exe
File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
Category:dropped
Size (bytes):4897
Entropy (8bit):2.518316437186352
Encrypted:false
SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
Malicious:false
Preview:................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.47233161646703
Encrypted:false
SSDEEP:6144:kzZfpi6ceLPx9skLmb0fvZWSP3aJG8nAgeiJRMMhA2zX4WABluuNWjDH5S:KZHtvZWOKnMM6bFpMj4
MD5:7089E7B13B3F7D5480AC10E9FC9BC7BD
SHA1:B80DCAABFC25F3670FA3EF3D0892CCFB4687B462
SHA-256:1440607BC822FC949BE90C3A333B2C52EF52E3F0ADFE88A9D28AD0FFC23F5272
SHA-512:AE6085618880C9A12125CADB435C05F5ACF31739DE941DD330E040C0339730E2E37C61EAD3A41DEE36AED981B3A9078102D4EDF86B4F86A4AD5DE879E7143183
Malicious:false
Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..O.................................................................................................................................................................................................................................................................................................................................................99X.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.943949707127546
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:bUHMq54m6Q.exe
File size:2'298'896 bytes
MD5:2cf4b5cf327757376e717ab5554b921b
SHA1:020751e48f382dbd25341228e0acf66818428b12
SHA256:a275c369ef53eba4655ca43244e230fd7b38e45dbf25fc0b614918a58b3d07a6
SHA512:ceccbeaf87660ea08d9bdc5804546c16a2abea4f73c8f80345e711cf5c4a8ab9330ca64022b890457187bde83de2687177cb50c1a4fc1bf9d49054510e2418fa
SSDEEP:49152:JZZ2yJFMXgNp/R21ABbgdThoxEN2lcHmNNQfwo:JZZF7N1ROABbgdThog24fwo
TLSH:81B533E824E3CFADD275EBF22503911944606F61DFE24BC4B24F696DABE264D437031A
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......j.....s...s...s.e.p.%.s.e.v...s.e.t./.s..y..*.s..yw.=.s..yp.4.s..yv.u.s.e.w.6.s.e.u./.s.e.r.5.s...r...s..zz.2.s..z../.s...../.s
Icon Hash:1e637808c76c1d83
Entrypoint:0x906058
Entrypoint Section:.boot
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x663639CA [Sat May 4 13:36:10 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:63814aaf116ba6abb6496ce4bcad24c6

Entrypoint Preview

Editor's note: the entry point (0x906058, in the non-standard .boot section of an unsigned image with 7.94 bits of entropy per byte) opens with the bit-stream reader of an aPLib-style depacker: dl is seeded with 80h as the tag-byte sentinel, add dl, dl shifts out the next tag bit, the jne / mov dl, [esi] / inc esi / adc dl, dl sequence refills the tag byte once it is exhausted, and mov ebx, 2 after the copied literal is the depacker's state for the next gamma-coded offset. The payload is therefore unpacked at run time; the Import Hash above characterises the packer stub rather than the unpacked stealer.

Instruction
call 00007FA7CD44E5F0h
push ebx
mov ebx, esp
push ebx
mov esi, dword ptr [ebx+08h]
mov edi, dword ptr [ebx+10h]
cld
mov dl, 80h
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
mov ebx, 00000002h
add dl, dl
jne 00007FA7CD44E4A7h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jnc 00007FA7CD44E48Ch
add dl, dl
jne 00007FA7CD44E4A7h
mov dl, byte ptr [esi]
inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      jnc 00007FA7CD44E4F3h
                                                                                                                                      xor eax, eax
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      jnc 00007FA7CD44E587h
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      adc eax, eax
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      adc eax, eax
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      adc eax, eax
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      adc eax, eax
                                                                                                                                      je 00007FA7CD44E4AAh
                                                                                                                                      push edi
                                                                                                                                      mov eax, eax
                                                                                                                                      sub edi, eax
                                                                                                                                      mov al, byte ptr [edi]
                                                                                                                                      pop edi
                                                                                                                                      mov byte ptr [edi], al
                                                                                                                                      inc edi
                                                                                                                                      mov ebx, 00000002h
                                                                                                                                      jmp 00007FA7CD44E43Bh
                                                                                                                                      mov eax, 00000001h
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      adc eax, eax
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      jc 00007FA7CD44E48Ch
                                                                                                                                      sub eax, ebx
                                                                                                                                      mov ebx, 00000001h
                                                                                                                                      jne 00007FA7CD44E4CAh
                                                                                                                                      mov ecx, 00000001h
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      adc ecx, ecx
                                                                                                                                      add dl, dl
                                                                                                                                      jne 00007FA7CD44E4A7h
                                                                                                                                      mov dl, byte ptr [esi]
                                                                                                                                      inc esi
                                                                                                                                      adc dl, dl
                                                                                                                                      jc 00007FA7CD44E48Ch
                                                                                                                                      push esi
                                                                                                                                      mov esi, edi
                                                                                                                                      sub esi, ebp
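The loop above matches the aPLib decompression routine that packers such as Themida embed in their loader: `mov dl, 80h` seeds the tag register, the repeated `add dl, dl` / `jne` / `mov dl, byte ptr [esi]` / `inc esi` / `adc dl, dl` sequence is the inlined aPLib getbit, `mov ebx, 2` and `mov ebx, 1` track whether the last token was a literal or a match, and the `xor eax, eax` followed by four `adc eax, eax` reads the 4-bit short offset. The following pure-Python depacker is an added example written for this page, not code from the sample or from Joe Sandbox; the input stream is hand-encoded for the example and marked as such.

```python
"""aPLib depacker, written as a readable counterpart to the disassembled loop
above.  Added example; not code from the sample or from Joe Sandbox.

Token grammar (tag bits are read MSB-first from a byte, DL in the asm):
  0        literal byte follows in the stream
  10       gamma-coded offset high part + raw low byte, gamma-coded length
  110      one raw byte: 7-bit offset, 1-bit length (offset 0 = end of data)
  111      4 tag bits: offset 0..15, copies one byte (offset 0 = write 0x00)
"""


class _BitReader:
    def __init__(self, data: bytes, pos: int) -> None:
        self.data = data
        self.pos = pos
        self.tag = 0
        self.count = 0

    def bit(self) -> int:
        # Equivalent of 'add dl, dl / jne / mov dl,[esi] / inc esi / adc dl, dl'
        if self.count == 0:
            self.tag = self.data[self.pos]
            self.pos += 1
            self.count = 8
        self.count -= 1
        bit = (self.tag >> 7) & 1
        self.tag = (self.tag << 1) & 0xFF
        return bit

    def byte(self) -> int:
        value = self.data[self.pos]
        self.pos += 1
        return value

    def gamma(self) -> int:
        # Elias-gamma variant: result starts at 1 and every data bit is
        # followed by a continuation bit, so the smallest value is 2.
        result = 1
        while True:
            result = (result << 1) + self.bit()
            if not self.bit():
                return result


def aplib_depack(src: bytes) -> bytes:
    out = bytearray([src[0]])  # first output byte is always stored raw
    rd = _BitReader(src, 1)
    r0 = -1                    # last match offset, for the repeat-offset shortcut
    lwm = 0                    # "last was match": ebx = 2 after a literal, 1 after a match
    while True:
        if not rd.bit():                       # 0: literal
            out.append(rd.byte())
            lwm = 0
        elif not rd.bit():                     # 10: gamma match
            offs = rd.gamma()
            if lwm == 0 and offs == 2:         # reuse previous offset
                offs = r0
                length = rd.gamma()
            else:
                offs -= 3 if lwm == 0 else 2
                offs = (offs << 8) + rd.byte()
                length = rd.gamma()
                if offs >= 32000:
                    length += 1
                if offs >= 1280:
                    length += 1
                if offs < 128:
                    length += 2
                r0 = offs
            for _ in range(length):            # byte-wise copy handles overlap
                out.append(out[-offs])
            lwm = 1
        elif not rd.bit():                     # 110: short match / end marker
            b = rd.byte()
            length = 2 + (b & 1)
            offs = b >> 1
            if offs == 0:
                return bytes(out)
            for _ in range(length):
                out.append(out[-offs])
            r0 = offs
            lwm = 1
        else:                                  # 111: single byte, 4-bit offset
            offs = 0
            for _ in range(4):
                offs = (offs << 1) + rd.bit()
            out.append(out[-offs] if offs else 0)
            lwm = 0


# Hand-encoded stream (constructed for this example): raw 'a', tag 0x29,
# literals 'b' 'c', match offset 3 length 6, zero byte, copy from offset 2,
# end marker.  Decodes to b'abcabcabc\x00c'.
SAMPLE_STREAM = b"a\x29bc\x03\x38\x72\xc0\x00"

if __name__ == "__main__":
    print(aplib_depack(SAMPLE_STREAM))
```

Against a Themida-protected sample the stream is located by the `esi` value at the point this routine is entered (the `mov esi, dword ptr [ebx+08h]` argument), not by searching for a magic header, since aPLib streams carry none.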
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a518b | 0x184 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1a7000 | 0xc8c0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x68e000 | 0x10 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1a6018 | 0x18 | .tls
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x18369c | 0x40 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(unnamed) | 0x1000 | 0x15bae8 | 0x80000 | 71df898e3bb7791f76e12ed59326dcd2 | False | 1.000030517578125 | data | 7.99965539534534 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
(unnamed) | 0x15d000 | 0x27e32 | 0xc600 | d46b2925dda747e309f73efc7cfe5f72 | False | 0.9986979166666666 | data | 7.995213678819302 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
(unnamed) | 0x185000 | 0x4930 | 0x800 | 3418c8de7b7967df6bb6c2c10ed53efb | False | 0.9267578125 | data | 7.434788372867102 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(unnamed) | 0x18a000 | 0xc8c0 | 0x7200 | ab55f75c506de7bda0f6900ce3592598 | False | 0.9992461622807017 | interLaced eXtensible Trace (LXT) file (Version 19394) | 7.990156009217108 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
(unnamed) | 0x197000 | 0x9858 | 0x4c00 | b115c4aeaf5dbd0a5ed6289fe244caf5 | False | 0.9952713815789473 | OpenPGP Public Key | 7.97673825198549 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.vm_sec | 0x1a1000 | 0x4000 | 0x4000 | 260e2630b7c17aea8fcc14acc331fbdc | False | 0.1627197265625 | data | 2.8943699511117487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x1a5000 | 0x1000 | 0x400 | c9c064d6bd76a21fe27ddabad4c1bad5 | False | 0.3994140625 | data | 3.405869808210115 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x1a6000 | 0x1000 | 0x200 | e0820cafed729136bac879e4277031ad | False | 0.056640625 | data | 0.18120187678200297 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1a7000 | 0xca00 | 0xca00 | 128d0357f9cf8c6ae4deac65154bce26 | False | 0.6009243502475248 | DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 4795470227181741839890482462720.000000 | 5.557009435024348 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.themida | 0x1b4000 | 0x352000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.boot | 0x506000 | 0x187400 | 0x187400 | c1e1fc63d9c36264abf090352999e312 | False | 0.9858744758386582 | data | 7.954415800190369 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc | 0x68e000 | 0x1000 | 0x10 | 9a86cd9aad32621e9b3fc39ac1644b9c | False | 1.5 | GLS_BINARY_LSB_FIRST | 2.474601752714581 | IMAGE_SCN_MEM_READ
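The section table carries the packer evidence by itself: five sections with no printable name and entropy near 8 in an executable section, a `.themida` section with 0x352000 bytes of virtual size and no raw data (its MD5 is that of the empty input), and a `.boot` section of 1.5 MB at entropy 7.95. The script below is an added example, not Joe Sandbox code: it computes the per-section entropy the report's "Entropy" column shows and applies the same three checks automatically. The 7.9 threshold, the protector-name list and the rows transcribed from the table are this example's own assumptions.

```python
"""Packer indicators from a PE section table.

Added example for this page, not Joe Sandbox code.  shannon_entropy()
computes the per-section byte entropy a sandbox reports; triage_section()
applies the checks a reverser makes by eye on that table.  The threshold,
the protector-name list and the transcribed sample rows are assumptions.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional

# Section names used by known protectors (non-exhaustive; assumption).
PROTECTOR_SECTION_NAMES = {".themida", ".vm_sec", ".boot", "UPX0", "UPX1"}


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    executable: bool
    data: Optional[bytes] = None     # raw section bytes when the file is at hand
    entropy: Optional[float] = None  # or a precomputed value, as in a report


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def triage_section(sec: Section, high: float = 7.9) -> List[str]:
    flags = []
    ent = sec.entropy if sec.entropy is not None else shannon_entropy(sec.data or b"")
    if sec.raw_size == 0 and sec.virtual_size > 0:
        # Nothing on disk, lots in memory: the protector fills it at run time.
        flags.append("no raw data but %#x bytes virtual: filled at run time" % sec.virtual_size)
    elif ent >= high:
        kind = "code" if sec.executable else "data"
        flags.append("entropy %.2f: compressed or encrypted %s" % (ent, kind))
    if not sec.name.strip():
        flags.append("blank section name")
    elif sec.name in PROTECTOR_SECTION_NAMES:
        flags.append("protector section name %s" % sec.name)
    return flags


def triage_report_sections() -> Dict[str, List[str]]:
    # Rows transcribed from the section table above; the bytes themselves are
    # not on the page, so the report's entropy value is passed in directly.
    rows = [
        Section("", 0x15bae8, 0x80000, True, entropy=7.99965539534534),
        Section(".tls", 0x1000, 0x200, False, entropy=0.18120187678200297),
        Section(".themida", 0x352000, 0x0, True),
        Section(".boot", 0x187400, 0x187400, True, entropy=7.954415800190369),
    ]
    return {s.name or "<blank>": triage_section(s) for s in rows}


if __name__ == "__main__":
    for name, flags in triage_report_sections().items():
        print(name, flags)
```

When the sample itself is available, pass `data=` with the section's raw bytes and leave `entropy` unset; the `.themida` row shows why the raw-size check must run before the entropy check, since an empty section scores 0.0 and would otherwise look benign.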
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1a7280 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | Russian | Russia | 0.31402439024390244
RT_ICON | 0x1a78f8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Russian | Russia | 0.42338709677419356
RT_ICON | 0x1a7bf0 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | Russian | Russia | 0.5061475409836066
RT_ICON | 0x1a7de8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | Russian | Russia | 0.5675675675675675
RT_ICON | 0x1a7f20 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Russian | Russia | 0.46961620469083154
RT_ICON | 0x1a8dd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Russian | Russia | 0.4020758122743682
RT_ICON | 0x1a9690 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Russian | Russia | 0.45506912442396313
RT_ICON | 0x1a9d68 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Russian | Russia | 0.2904624277456647
RT_ICON | 0x1aa2e0 | 0x4b55 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Russian | Russia | 0.9921182266009853
RT_ICON | 0x1aee48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Russian | Russia | 0.316701244813278
RT_ICON | 0x1b1400 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Russian | Russia | 0.36186679174484054
RT_ICON | 0x1b24b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Russian | Russia | 0.42418032786885246
RT_ICON | 0x1b2e50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Russian | Russia | 0.5026595744680851
RT_GROUP_ICON | 0x1b32c8 | 0xbc | data | Russian | Russia | 0.6170212765957447
RT_VERSION | 0x1b3394 | 0x398 | OpenPGP Public Key | Russian | Russia | 0.42282608695652174
RT_MANIFEST | 0x1b373c | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
kernel32.dll | GetModuleHandleA
USER32.dll | wsprintfA
GDI32.dll | CreateCompatibleBitmap
ADVAPI32.dll | RegQueryValueExA
SHELL32.dll | ShellExecuteA
ole32.dll | CoInitialize
WS2_32.dll | WSAStartup
CRYPT32.dll | CryptUnprotectData
SHLWAPI.dll | PathFindExtensionA
gdiplus.dll | GdipGetImageEncoders
SETUPAPI.dll | SetupDiEnumDeviceInfo
ntdll.dll | RtlUnicodeStringToAnsiString
RstrtMgr.DLL | RmStartSession
Language of compilation system | Country where language is spoken
Russian | Russia
English | United States
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/07/24-01:32:16.104894 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49703 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:30.432420 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49720 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:13.660877 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:13.858546 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:16.124524 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49702 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:13.477244 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
05/07/24-01:32:19.524067 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
05/07/24-01:32:39.555621 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49724 | 147.45.47.126 | 192.168.2.6
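The alerts above fire in both directions: the Token and External IP rules match server-to-client traffic, the Heartbeat and Activity rules match client-to-server traffic, and the client port changes from session to session (49699, 49702, 49703, 49720, 49724) while the server side stays at 147.45.47.126:58709. Read row by row that looks like eight events; folded by the remote endpoint it is one C2 conversation on a non-standard port. The script below does that fold. It is an added example, not part of the report or of the Emerging Threats rule set; its input is the table transcribed into a pipe-separated form constructed for this example, and the well-known-port list and session threshold are assumptions.

```python
"""Collapse bidirectional IDS alerts into one C2 conversation summary.

Added example for this page, not Joe Sandbox or Emerging Threats code.
The alert lines are the Snort table above transcribed into a constructed
pipe-separated form; the "server" side of each alert is taken to be the
non-private endpoint so that alerts in either direction land in the same
conversation.
"""
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Set, Tuple

SAMPLE_ALERTS = """\
05/07/24-01:32:16.104894 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49703 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:30.432420 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49720 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:13.660877 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:13.858546 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:16.124524 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49702 | 147.45.47.126 | 192.168.2.6
05/07/24-01:32:13.477244 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
05/07/24-01:32:19.524067 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
05/07/24-01:32:39.555621 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49724 | 147.45.47.126 | 192.168.2.6
"""

# Ports on which a stream of short sessions is expected; assumption, tune per site.
WELL_KNOWN_PORTS = {80, 443, 8080, 8443}


@dataclass
class Conversation:
    server: Tuple[str, int]
    client_ip: str
    client_ports: Set[int] = field(default_factory=set)
    sids: Set[int] = field(default_factory=set)
    first_seen: datetime = datetime.max
    last_seen: datetime = datetime.min


def _is_remote(ip: str) -> bool:
    return not ipaddress.ip_address(ip).is_private


def pivot_alerts(text: str) -> Dict[Tuple[str, int], Conversation]:
    """Group alerts by (server ip, server port) regardless of packet direction."""
    convs: Dict[Tuple[str, int], Conversation] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _proto, sid, _msg, sport, dport, src, dst = (f.strip() for f in line.split("|"))
        when = datetime.strptime(ts, "%m/%d/%y-%H:%M:%S.%f")
        a, b = (src, int(sport)), (dst, int(dport))
        # Non-private endpoint is the server; the other side is the infected host.
        server, client = (a, b) if _is_remote(a[0]) else (b, a)
        conv = convs.setdefault(server, Conversation(server, client[0]))
        conv.client_ports.add(client[1])
        conv.sids.add(int(sid))
        conv.first_seen = min(conv.first_seen, when)
        conv.last_seen = max(conv.last_seen, when)
    return convs


def suspicious(conv: Conversation, min_sessions: int = 3) -> bool:
    """Several sessions from fresh ephemeral ports to one non-standard server port."""
    return conv.server[1] not in WELL_KNOWN_PORTS and len(conv.client_ports) >= min_sessions


if __name__ == "__main__":
    for key, conv in pivot_alerts(SAMPLE_ALERTS).items():
        print(key, sorted(conv.client_ports), sorted(conv.sids),
              conv.first_seen, conv.last_seen, suspicious(conv))
```

The direction test is the part worth keeping: Snort reports source and destination per packet, so a per-flow grouping keyed on the raw (src, dst) tuple would split this one conversation into five client-to-server flows and three server-to-client ones.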
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 7, 2024 01:32:13.278567076 CEST | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
May 7, 2024 01:32:13.469449043 CEST | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
May 7, 2024 01:32:13.469577074 CEST | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
May 7, 2024 01:32:13.477243900 CEST | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
May 7, 2024 01:32:13.660876989 CEST | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
May 7, 2024 01:32:13.667802095 CEST | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
May 7, 2024 01:32:13.667845964 CEST | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
May 7, 2024 01:32:13.783052921 CEST | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
May 7, 2024 01:32:13.858546019 CEST | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
May 7, 2024 01:32:13.907537937 CEST | 49699 | 58709 | 192.168.2.6 | 147.45.47.126
May 7, 2024 01:32:14.020678043 CEST | 58709 | 49699 | 147.45.47.126 | 192.168.2.6
May 7, 2024 01:32:14.139029026 CEST | 49700 | 443 | 192.168.2.6 | 34.117.186.192
May 7, 2024 01:32:14.139059067 CEST | 443 | 49700 | 34.117.186.192 | 192.168.2.6
May 7, 2024 01:32:14.139132977 CEST | 49700 | 443 | 192.168.2.6 | 34.117.186.192
May 7, 2024 01:32:14.142656088 CEST | 49700 | 443 | 192.168.2.6 | 34.117.186.192
May 7, 2024 01:32:14.142673969 CEST | 443 | 49700 | 34.117.186.192 | 192.168.2.6
May 7, 2024 01:32:14.329277992 CEST | 443 | 49700 | 34.117.186.192 | 192.168.2.6
May 7, 2024 01:32:14.329396009 CEST | 49700 | 443 | 192.168.2.6 | 34.117.186.192
May 7, 2024 01:32:14.333462000 CEST | 49700 | 443 | 192.168.2.6 | 34.117.186.192
May 7, 2024 01:32:14.333468914 CEST | 443 | 49700 | 34.117.186.192 | 192.168.2.6
May 7, 2024 01:32:14.334161997 CEST | 443 | 49700 | 34.117.186.192 | 192.168.2.6
May 7, 2024 01:32:14.376305103 CEST | 49700 | 443 | 192.168.2.6 | 34.117.186.192
May 7, 2024 01:32:14.421844959 CEST | 49700 | 443 | 192.168.2.6 | 34.117.186.192
                                                                                                                                      May 7, 2024 01:32:14.468121052 CEST4434970034.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.540182114 CEST4434970034.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.540312052 CEST4434970034.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.540374994 CEST49700443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:14.542649031 CEST49700443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:14.542665005 CEST4434970034.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.542674065 CEST49700443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:14.542680025 CEST4434970034.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.632894993 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:14.632950068 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.633013964 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:14.633465052 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:14.633486032 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.817739010 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.817826986 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:14.820949078 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:14.820969105 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.821257114 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:14.822922945 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:14.864126921 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.073194981 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.073291063 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.073404074 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:15.075107098 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:15.075129032 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.075156927 CEST49701443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:15.075164080 CEST44349701104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.075567961 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.303148031 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.315984011 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.526426077 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.532722950 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.723454952 CEST4970258709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.724183083 CEST4970358709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.733865023 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.733885050 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.733897924 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.733911037 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.733928919 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.733941078 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.733961105 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.733983040 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.733995914 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.734019995 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.734021902 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.734035015 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.734064102 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.734191895 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.913988113 CEST5870949702147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.914170027 CEST4970258709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.914343119 CEST5870949703147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.914413929 CEST4970358709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.924654007 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.924668074 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.924679041 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.924695015 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.924706936 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.924717903 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:15.924746037 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.924808025 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.930231094 CEST4970358709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.931149960 CEST4970258709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:15.970340967 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.104893923 CEST5870949703147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.124524117 CEST5870949702147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.157565117 CEST4970358709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.162386894 CEST5870949703147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.165083885 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.173194885 CEST4970258709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.188956976 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.347762108 CEST5870949703147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.363729000 CEST5870949702147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.386547089 CEST5870949699147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.391907930 CEST4970358709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.399765015 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.399806023 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.399882078 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.400536060 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.400573969 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.400644064 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.401540041 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.401550055 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.401700974 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.401714087 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.407533884 CEST4970258709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.438848019 CEST4969958709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.470756054 CEST4970358709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.489178896 CEST4970258709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:16.579257011 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.579416990 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.579586983 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.579658031 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.585294962 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.585305929 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.585603952 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.596322060 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.596353054 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.596648932 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.626262903 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.641889095 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.643326044 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.684127092 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.687324047 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.709248066 CEST5870949703147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.723650932 CEST5870949702147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.732119083 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.791205883 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.791346073 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.791390896 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.791857958 CEST49704443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.791876078 CEST4434970434.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.805900097 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.806020975 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.806159973 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.817986965 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.817986965 CEST49705443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:16.818008900 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.818020105 CEST4434970534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.905122995 CEST49706443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:16.905163050 CEST44349706104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.905235052 CEST49706443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:16.905622005 CEST49706443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:16.905633926 CEST44349706104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.906534910 CEST49707443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:16.906585932 CEST44349707104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:16.906641006 CEST49707443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:16.906917095 CEST49707443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:16.906929016 CEST44349707104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:17.084634066 CEST44349706104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:17.084755898 CEST49706443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:17.085287094 CEST44349707104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:17.085357904 CEST49707443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:17.095485926 CEST49706443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:17.095500946 CEST44349706104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:17.095884085 CEST44349706104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:17.106895924 CEST49707443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:17.106918097 CEST44349707104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:17.107141972 CEST44349707104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:17.108345032 CEST49706443192.168.2.6104.26.4.15
Timestamp                            Src Port  Dst Port  Source IP        Dest IP
May 7, 2024 01:32:17.115477085 CEST  49707     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:17.152116060 CEST  443       49706     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.160118103 CEST  443       49707     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.341321945 CEST  443       49707     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.341419935 CEST  443       49707     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.341485977 CEST  49707     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:17.342987061 CEST  49707     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:17.343020916 CEST  443       49707     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.343038082 CEST  49707     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:17.343044043 CEST  443       49707     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.343481064 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:17.344883919 CEST  443       49706     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.344975948 CEST  443       49706     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.345046997 CEST  49706     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:17.349605083 CEST  49706     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:17.349639893 CEST  443       49706     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.349663019 CEST  49706     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:17.349669933 CEST  443       49706     104.26.4.15      192.168.2.6
May 7, 2024 01:32:17.350029945 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:17.559513092 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:17.572612047 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:17.582211971 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:17.583497047 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:17.776004076 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:17.808643103 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:17.829394102 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:17.860723019 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:17.885466099 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:17.888408899 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.091717005 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091738939 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091749907 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091762066 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091773987 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091784954 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091795921 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.091799021 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091819048 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091835976 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.091849089 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.091873884 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.091912031 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.092282057 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.107815027 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107831001 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107842922 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107850075 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107861996 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107891083 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107933044 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107954025 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107966900 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107979059 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.107995987 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.107995987 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.108097076 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.282042980 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.282062054 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.282078028 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.282094002 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.282109976 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.282147884 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.282147884 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.282164097 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.282227993 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.299730062 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.299755096 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.299817085 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.299825907 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.299841881 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.299854994 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.299870014 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.299890041 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.299933910 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.329514980 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.329660892 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.525993109 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.529161930 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.548259020 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.548540115 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.726169109 CEST  49699     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.726233006 CEST  49699     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.744716883 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.749866009 CEST  58709     49703     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.798141003 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.798151970 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:18.916884899 CEST  58709     49699     147.45.47.126    192.168.2.6
May 7, 2024 01:32:18.916951895 CEST  49699     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:19.161294937 CEST  58709     49699     147.45.47.126    192.168.2.6
May 7, 2024 01:32:19.524066925 CEST  49699     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:19.755227089 CEST  58709     49699     147.45.47.126    192.168.2.6
May 7, 2024 01:32:20.162344933 CEST  58709     49699     147.45.47.126    192.168.2.6
May 7, 2024 01:32:20.220019102 CEST  49699     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:20.412230968 CEST  49703     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:21.688421965 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:21.688461065 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:21.879301071 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:21.879374027 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:21.923219919 CEST  49699     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:22.113851070 CEST  58709     49699     147.45.47.126    192.168.2.6
May 7, 2024 01:32:22.114303112 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:22.115963936 CEST  58709     49699     147.45.47.126    192.168.2.6
May 7, 2024 01:32:22.116023064 CEST  49699     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:22.118849039 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:22.173183918 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:24.766993046 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:24.957566023 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:24.959547043 CEST  58709     49702     147.45.47.126    192.168.2.6
May 7, 2024 01:32:24.961766005 CEST  49702     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:30.048589945 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:30.239197969 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:30.241782904 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:30.291966915 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:30.432420015 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:30.482439995 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:30.483721972 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:30.563910961 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:30.674212933 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:30.798213005 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:30.803563118 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:30.896719933 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:30.896770954 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:30.896895885 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:30.898324013 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:30.898345947 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.075769901 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.075838089 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:31.077431917 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:31.077442884 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.077708006 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.136724949 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:31.180124044 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.281713963 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.281841040 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.281896114 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:31.282291889 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:31.282304049 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.282320023 CEST  49722     443       192.168.2.6      34.117.186.192
May 7, 2024 01:32:31.282325029 CEST  443       49722     34.117.186.192   192.168.2.6
May 7, 2024 01:32:31.284739017 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.284828901 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.284914017 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.285288095 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.285316944 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.462773085 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.462853909 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.464195013 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.464205027 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.464437962 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.465769053 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.512120962 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.715261936 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.715370893 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.715668917 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.715734959 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.715754032 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.715771914 CEST  49723     443       192.168.2.6      104.26.4.15
May 7, 2024 01:32:31.715778112 CEST  443       49723     104.26.4.15      192.168.2.6
May 7, 2024 01:32:31.716088057 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:31.938066959 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:31.938976049 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:32.138453960 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:32.188791037 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:35.175163984 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:35.365742922 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:35.366365910 CEST  58709     49720     147.45.47.126    192.168.2.6
May 7, 2024 01:32:35.366422892 CEST  49720     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:39.170718908 CEST  49724     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:39.363013029 CEST  58709     49724     147.45.47.126    192.168.2.6
May 7, 2024 01:32:39.363157988 CEST  49724     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:39.382421017 CEST  49724     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:39.555620909 CEST  58709     49724     147.45.47.126    192.168.2.6
May 7, 2024 01:32:39.610807896 CEST  49724     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:39.615998030 CEST  58709     49724     147.45.47.126    192.168.2.6
May 7, 2024 01:32:39.803148985 CEST  58709     49724     147.45.47.126    192.168.2.6
May 7, 2024 01:32:39.845071077 CEST  49724     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:40.079535961 CEST  49724     58709     192.168.2.6      147.45.47.126
May 7, 2024 01:32:40.165095091 CEST  49725     443       192.168.2.6      34.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.165143013 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.165254116 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.166342974 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.166359901 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.319169044 CEST5870949724147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.343914032 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.344034910 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.345854044 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.345876932 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.346240044 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.392009020 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.398524046 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.444127083 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.550690889 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.550865889 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.550939083 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.551158905 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.551186085 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.551203966 CEST49725443192.168.2.634.117.186.192
                                                                                                                                      May 7, 2024 01:32:40.551209927 CEST4434972534.117.186.192192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.552818060 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.552856922 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.552926064 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.553244114 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.553265095 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.733057022 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.733170033 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.734894991 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.734916925 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.735162020 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.736646891 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.784126997 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.996227026 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.996345997 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.996396065 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.996545076 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.996566057 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.996582031 CEST49726443192.168.2.6104.26.4.15
                                                                                                                                      May 7, 2024 01:32:40.996587992 CEST44349726104.26.4.15192.168.2.6
                                                                                                                                      May 7, 2024 01:32:40.996956110 CEST4972458709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:41.219185114 CEST5870949724147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:41.220325947 CEST4972458709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:41.419053078 CEST5870949724147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:41.470032930 CEST4972458709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:45.572943926 CEST4972458709192.168.2.6147.45.47.126
                                                                                                                                      May 7, 2024 01:32:45.765316963 CEST5870949724147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:45.772630930 CEST5870949724147.45.47.126192.168.2.6
                                                                                                                                      May 7, 2024 01:32:45.772687912 CEST4972458709192.168.2.6147.45.47.126
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 7, 2024 01:32:14.047110081 CEST | 57165 | 53 | 192.168.2.6 | 1.1.1.1
May 7, 2024 01:32:14.132601976 CEST | 53 | 57165 | 1.1.1.1 | 192.168.2.6
May 7, 2024 01:32:14.544753075 CEST | 55608 | 53 | 192.168.2.6 | 1.1.1.1
May 7, 2024 01:32:14.631848097 CEST | 53 | 55608 | 1.1.1.1 | 192.168.2.6
May 7, 2024 01:32:40.073369980 CEST | 64982 | 53 | 192.168.2.6 | 1.1.1.1
May 7, 2024 01:32:40.159960032 CEST | 53 | 64982 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 7, 2024 01:32:14.047110081 CEST | 192.168.2.6 | 1.1.1.1 | 0xee9b | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
May 7, 2024 01:32:14.544753075 CEST | 192.168.2.6 | 1.1.1.1 | 0x3800 | Standard query (0) | db-ip.com | A (IP address) | IN (0x0001) | false
May 7, 2024 01:32:40.073369980 CEST | 192.168.2.6 | 1.1.1.1 | 0x7a90 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 7, 2024 01:32:14.132601976 CEST | 1.1.1.1 | 192.168.2.6 | 0xee9b | No error (0) | ipinfo.io | | 34.117.186.192 | A (IP address) | IN (0x0001) | false
May 7, 2024 01:32:14.631848097 CEST | 1.1.1.1 | 192.168.2.6 | 0x3800 | No error (0) | db-ip.com | | 104.26.4.15 | A (IP address) | IN (0x0001) | false
May 7, 2024 01:32:14.631848097 CEST | 1.1.1.1 | 192.168.2.6 | 0x3800 | No error (0) | db-ip.com | | 104.26.5.15 | A (IP address) | IN (0x0001) | false
May 7, 2024 01:32:14.631848097 CEST | 1.1.1.1 | 192.168.2.6 | 0x3800 | No error (0) | db-ip.com | | 172.67.75.166 | A (IP address) | IN (0x0001) | false
May 7, 2024 01:32:40.159960032 CEST | 1.1.1.1 | 192.168.2.6 | 0x7a90 | No error (0) | ipinfo.io | | 34.117.186.192 | A (IP address) | IN (0x0001) | false
• https:
  • ipinfo.io
  • db-ip.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49700 | 34.117.186.192 | 443 | 6556 | C:\Users\user\Desktop\bUHMq54m6Q.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:14 UTC | 239 | OUT
GET /widget/demo/156.146.37.102 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io

2024-05-06 23:32:14 UTC | 514 | IN
HTTP/1.1 200 OK
server: nginx/1.24.0
date: Mon, 06 May 2024 23:32:14 GMT
content-type: application/json; charset=utf-8
Content-Length: 1049
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 3
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close

2024-05-06 23:32:14 UTC | 741 | IN
Data Ascii: { "input": "156.146.37.102", "data": { "ip": "156.146.37.102", "hostname": "unn-156-146-37-102.cdn77.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS212238 Datacamp

2024-05-06 23:32:14 UTC | 308 | IN
Data Ascii: "service": "CyberGhost" }, "abuse": { "address": "Datacamp Limited, Zdenek Cendra, 207 Regent Street, W1B 3HH, London, UNITED KINGDOM", "country": "US", "email": "abuse@datacamp.co.uk", "name": "Abuse Contact", "netwo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49701 | 104.26.4.15 | 443 | 6556 | C:\Users\user\Desktop\bUHMq54m6Q.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:14 UTC | 263 | OUT
GET /demo/home.php?s=156.146.37.102 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com

2024-05-06 23:32:15 UTC | 658 | IN
HTTP/1.1 200 OK
Date: Mon, 06 May 2024 23:32:15 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: AC4672EE:F22E_93878F2E:0050_6639687F_BF05061:4F34
x-iplb-instance: 59215
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3sg8XUKq2fWJDoYhDgfxHku%2BaIrgTVv6Jnha3ivfmHQKMSCexB7jrkClCi%2FWgcKX4X%2BnXfFeiKmHXiGjiAguyWDoMTI6o8ktBgUB8%2FKPl9%2BUn7jLSmy3nm9J9w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87fcc4b9ac053344-EWR
alt-svc: h3=":443"; ma=86400

2024-05-06 23:32:15 UTC | 85 | IN
Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}

2024-05-06 23:32:15 UTC | 5 | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      2192.168.2.64970434.117.186.1924432836C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-05-06 23:32:16 UTC239OUTGET /widget/demo/156.146.37.102 HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Referer: https://ipinfo.io/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                      Host: ipinfo.io
                                                                                                                                      2024-05-06 23:32:16 UTC514INHTTP/1.1 200 OK
                                                                                                                                      server: nginx/1.24.0
                                                                                                                                      date: Mon, 06 May 2024 23:32:16 GMT
                                                                                                                                      content-type: application/json; charset=utf-8
                                                                                                                                      Content-Length: 1049
                                                                                                                                      access-control-allow-origin: *
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      x-xss-protection: 1; mode=block
                                                                                                                                      x-content-type-options: nosniff
                                                                                                                                      referrer-policy: strict-origin-when-cross-origin
                                                                                                                                      x-envoy-upstream-service-time: 3
                                                                                                                                      via: 1.1 google
                                                                                                                                      strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close
2024-05-06 23:32:16 UTC | 741 | IN | Data Ascii: { "input": "156.146.37.102", "data": { "ip": "156.146.37.102", "hostname": "unn-156-146-37-102.cdn77.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS212238 Datacamp
2024-05-06 23:32:16 UTC | 308 | IN | Data Ascii: "service": "CyberGhost" }, "abuse": { "address": "Datacamp Limited, Zdenek Cendra, 207 Regent Street, W1B 3HH, London, UNITED KINGDOM", "country": "US", "email": "abuse@datacamp.co.uk", "name": "Abuse Contact", "netwo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49705 | 34.117.186.192 | 443 | 4896 | C:\ProgramData\MPGPH131\MPGPH131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:16 UTC | 239 | OUT | GET /widget/demo/156.146.37.102 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io
2024-05-06 23:32:16 UTC | 514 | IN | HTTP/1.1 200 OK
server: nginx/1.24.0
date: Mon, 06 May 2024 23:32:16 GMT
content-type: application/json; charset=utf-8
Content-Length: 1049
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 3
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-05-06 23:32:16 UTC | 741 | IN | Data Ascii: { "input": "156.146.37.102", "data": { "ip": "156.146.37.102", "hostname": "unn-156-146-37-102.cdn77.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS212238 Datacamp
2024-05-06 23:32:16 UTC | 308 | IN | Data Ascii: "service": "CyberGhost" }, "abuse": { "address": "Datacamp Limited, Zdenek Cendra, 207 Regent Street, W1B 3HH, London, UNITED KINGDOM", "country": "US", "email": "abuse@datacamp.co.uk", "name": "Abuse Contact", "netwo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49706 | 104.26.4.15 | 443 | 2836 | C:\ProgramData\MPGPH131\MPGPH131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:17 UTC | 263 | OUT | GET /demo/home.php?s=156.146.37.102 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com
2024-05-06 23:32:17 UTC | 656 | IN | HTTP/1.1 200 OK
Date: Mon, 06 May 2024 23:32:17 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: A29E9BB6:344C_93878F2E:0050_66396881_BEEBD25:7B63
x-iplb-instance: 59128
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8xLGRAOATULaeTl%2BOlomlA1GkTbmGWlYW0N7FwDb6NiVQDqb777ROsLlJ8MysLQOoElFi7JC1UuSo46FY6KBphCSTrBvTI1%2BThvTzbafnWyof%2BUBX%2BaMM54pYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87fcc4c7db7b4381-EWR
alt-svc: h3=":443"; ma=86400
2024-05-06 23:32:17 UTC | 85 | IN | Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a
Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-06 23:32:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49707 | 104.26.4.15 | 443 | 4896 | C:\ProgramData\MPGPH131\MPGPH131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:17 UTC | 263 | OUT | GET /demo/home.php?s=156.146.37.102 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com
2024-05-06 23:32:17 UTC | 650 | IN | HTTP/1.1 200 OK
Date: Mon, 06 May 2024 23:32:17 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: A29E9B6C:3948_93878F2E:0050_66396881_BF05093:4F34
x-iplb-instance: 59215
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0vmuqs6yH6WK7HVy5SpsE0OaVopBt1ok7QGc0cUpS9f6VG8a0y5uTVXN%2BhvK7zhr4cX0Rhl1dF5YZ6PGACKs2xcqzi8BkU42IuG5O6HgorPx2zXgnSgmiivVsw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87fcc4c7de1f4307-EWR
alt-svc: h3=":443"; ma=86400
2024-05-06 23:32:17 UTC | 85 | IN | Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a
Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-06 23:32:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49722 | 34.117.186.192 | 443 | 3604 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:31 UTC | 239 | OUT | GET /widget/demo/156.146.37.102 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io
2024-05-06 23:32:31 UTC | 514 | IN | HTTP/1.1 200 OK
server: nginx/1.24.0
date: Mon, 06 May 2024 23:32:31 GMT
content-type: application/json; charset=utf-8
Content-Length: 1049
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 2
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-05-06 23:32:31 UTC | 741 | IN | Data Ascii: { "input": "156.146.37.102", "data": { "ip": "156.146.37.102", "hostname": "unn-156-146-37-102.cdn77.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS212238 Datacamp
2024-05-06 23:32:31 UTC | 308 | IN | Data Ascii: "service": "CyberGhost" }, "abuse": { "address": "Datacamp Limited, Zdenek Cendra, 207 Regent Street, W1B 3HH, London, UNITED KINGDOM", "country": "US", "email": "abuse@datacamp.co.uk", "name": "Abuse Contact", "netwo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49723 | 104.26.4.15 | 443 | 3604 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:31 UTC | 263 | OUT | GET /demo/home.php?s=156.146.37.102 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com
2024-05-06 23:32:31 UTC | 658 | IN | HTTP/1.1 200 OK
Date: Mon, 06 May 2024 23:32:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: AC466E89:96EC_93878F2E:0050_6639688F_BF051B0:4F34
x-iplb-instance: 59215
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r1xhB03oQXQy%2F208drHqG66uSOHG068g%2BG1zXr14QdOcAcp%2B2XB9fZSMZlVUlB8lfB4BwPxhaqMjFW5fbn2t3VFiRC%2BKE1HOfPKcNtWLYHttp4dB%2FKHjT3i60w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87fcc521b9dac481-EWR
alt-svc: h3=":443"; ma=86400
2024-05-06 23:32:31 UTC | 85 | IN | Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a
Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-06 23:32:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49725 | 34.117.186.192 | 443 | 5700 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:40 UTC | 239 | OUT | GET /widget/demo/156.146.37.102 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io
2024-05-06 23:32:40 UTC | 514 | IN | HTTP/1.1 200 OK
server: nginx/1.24.0
date: Mon, 06 May 2024 23:32:40 GMT
content-type: application/json; charset=utf-8
Content-Length: 1049
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 2
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-05-06 23:32:40 UTC | 741 | IN | Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 35 36 2e 31 34 36 2e 33 37 2e 31 30 32 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 35 36 2e 31 34 36 2e 33 37 2e 31 30 32 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 75 6e 6e 2d 31 35 36 2d 31 34 36 2d 33 37 2d 31 30 32 2e 63 64 6e 37 37 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 32 31 32 32 33 38 20 44 61 74 61 63 61 6d 70
                                                                                                                                      Data Ascii: { "input": "156.146.37.102", "data": { "ip": "156.146.37.102", "hostname": "unn-156-146-37-102.cdn77.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS212238 Datacamp
2024-05-06 23:32:40 UTC | 308 | IN | Data Raw: 22 73 65 72 76 69 63 65 22 3a 20 22 43 79 62 65 72 47 68 6f 73 74 22 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 61 62 75 73 65 22 3a 20 7b 0a 20 20 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 2c 20 5a 64 65 6e 65 6b 20 43 65 6e 64 72 61 2c 20 32 30 37 20 52 65 67 65 6e 74 20 53 74 72 65 65 74 2c 20 57 31 42 20 33 48 48 2c 20 4c 6f 6e 64 6f 6e 2c 20 55 4e 49 54 45 44 20 4b 49 4e 47 44 4f 4d 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 64 61 74 61 63 61 6d 70 2e 63 6f 2e 75 6b 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 41 62 75 73 65 20 43 6f 6e 74 61 63 74 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f
                                                                                                                                      Data Ascii: "service": "CyberGhost" }, "abuse": { "address": "Datacamp Limited, Zdenek Cendra, 207 Regent Street, W1B 3HH, London, UNITED KINGDOM", "country": "US", "email": "abuse@datacamp.co.uk", "name": "Abuse Contact", "netwo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49726 | 104.26.4.15 | 443 | 5700 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 23:32:40 UTC | 263 | OUT | GET /demo/home.php?s=156.146.37.102 HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                      Host: db-ip.com
2024-05-06 23:32:40 UTC | 656 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Mon, 06 May 2024 23:32:40 GMT
                                                                                                                                      Content-Type: application/json
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      x-iplb-request-id: AC46E6AE:DFDA_93878F2E:0050_66396898_BF052C3:4F34
                                                                                                                                      x-iplb-instance: 59215
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UecsH8W5bO88a73XJYj0GLZYQJ5cWjEXMLMSIg60rfWsca58GT%2BLfQUj59CwRdLg%2F4AW2KEBSgbbUqOecA%2Bfok0qIctZiatQcrwXuDwSZvL71xwB8X%2BUGwBVYA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 87fcc55baa4c8c5f-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
2024-05-06 23:32:40 UTC | 85 | IN | Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a
                                                                                                                                      Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-06 23:32:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Target ID:0
                                                                                                                                      Start time:01:32:10
                                                                                                                                      Start date:07/05/2024
                                                                                                                                      Path:C:\Users\user\Desktop\bUHMq54m6Q.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\bUHMq54m6Q.exe"
                                                                                                                                      Imagebase:0x510000
                                                                                                                                      File size:2'298'896 bytes
                                                                                                                                      MD5 hash:2CF4B5CF327757376E717AB5554B921B
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000003.2159759925.0000000005C56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.2276746268.000000000122E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:01:32:12
                                                                                                                                      Start date:07/05/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                                                                                                                      Imagebase:0x1e0000
                                                                                                                                      File size:187'904 bytes
                                                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:3
                                                                                                                                      Start time:01:32:12
                                                                                                                                      Start date:07/05/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:01:32:12
                                                                                                                                      Start date:07/05/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                      Imagebase:0x1e0000
                                                                                                                                      File size:187'904 bytes
                                                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:5
                                                                                                                                      Start time:01:32:12
                                                                                                                                      Start date:07/05/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:6
                                                                                                                                      Start time:01:32:12
                                                                                                                                      Start date:07/05/2024
                                                                                                                                      Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      Imagebase:0xf00000
                                                                                                                                      File size:2'298'896 bytes
                                                                                                                                      MD5 hash:2CF4B5CF327757376E717AB5554B921B
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000006.00000002.2282419782.0000000005A70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                      • Detection: 47%, ReversingLabs
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:7
                                                                                                                                      Start time:01:32:13
                                                                                                                                      Start date:07/05/2024
                                                                                                                                      Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                      Imagebase:0xf00000
                                                                                                                                      File size:2'298'896 bytes
                                                                                                                                      MD5 hash:2CF4B5CF327757376E717AB5554B921B
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:10
                                                                                                                                      Start time:01:32:21
                                                                                                                                      Start date:07/05/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 1888
                                                                                                                                      Imagebase:0x970000
                                                                                                                                      File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:01:32:24
Start date:07/05/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 1148
Imagebase:0x970000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:01:32:25
Start date:07/05/2024
Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Imagebase:0x360000
File size:2'298'896 bytes
MD5 hash:2CF4B5CF327757376E717AB5554B921B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 47%, ReversingLabs
Reputation:low
Has exited:true

Target ID:18
Start time:01:32:35
Start date:07/05/2024
Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Imagebase:0x360000
File size:2'298'896 bytes
MD5 hash:2CF4B5CF327757376E717AB5554B921B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true
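
The process list above carries two facts a triager should pull out mechanically rather than by eye: the RageMP131.exe image under AppData\Local has the same MD5 as the submitted sample (a byte-identical self-copy that is then executed twice, Target IDs 14 and 18), and the WerFault.exe launch is a crash handler started for PID 4896, not an action of the sample. The script below is an added example, not part of the Joe Sandbox report, that parses process records written in the report's own Key:value layout and applies both checks. The embedded records are a constructed copy of Target IDs 13, 14 and 18 with only the fields the checks need; the sample MD5 constant is the hash the report lists for the submitted file, and the list of user-writable directory markers is an assumption of the example.

```python
import re
from collections import defaultdict

# Constructed sample input: the three process records of this analysis
# (Target IDs 13, 14 and 18), copied into the report's "Key:value" layout.
# Only the fields the checks below need are kept.
SAMPLE_RECORDS = r"""
Target ID:13
Start time:01:32:24
Path:C:\Windows\SysWOW64\WerFault.exe
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 1148
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:true
Reputation:high

Target ID:14
Start time:01:32:25
Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
MD5 hash:2CF4B5CF327757376E717AB5554B921B
Has elevated privileges:false
Reputation:low

Target ID:18
Start time:01:32:35
Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
MD5 hash:2CF4B5CF327757376E717AB5554B921B
Has elevated privileges:false
Reputation:low
"""

# MD5 of the submitted sample as printed by the report. Treated as an input
# parameter here; the self-copy check compares every process image against it.
SAMPLE_MD5 = "2cf4b5cf327757376e717ab5554b921b"

# Heuristic list of directories a standard user can write to without elevation.
# This is an assumption of the example, not something the report states.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\temp\\", "\\programdata\\")

# WerFault.exe is started with "-p <pid>" naming the faulting process.
WERFAULT_PID = re.compile(r"-p\s+(\d+)")


def parse_records(text):
    """Split the report's process dump into one dict per blank-line-separated block.

    Each line is cut at its first ':' so values that themselves contain ':'
    (drive letters, times) survive intact."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def find_self_copies(records, sample_md5):
    """Paths in user-writable directories whose image hash equals the submitted sample.

    A hit means the sample dropped a byte-identical copy of itself and ran it,
    which is the staging step behind scheduled-task persistence. Returns each
    path once, with the Target IDs that executed it."""
    hits = defaultdict(list)
    for rec in records:
        md5 = rec.get("MD5 hash", "").lower()
        path = rec.get("Path", "")
        if md5 == sample_md5.lower() and is_user_writable(path):
            hits[path].append(rec.get("Target ID"))
    return dict(hits)


def find_crash_reports(records):
    """Map each WerFault.exe launch to the PID it was started for.

    WerFault running for a PID is the crash of that process; it should be
    triaged as a crash, not counted as behaviour of the sample."""
    crashes = {}
    for rec in records:
        if rec.get("Path", "").lower().endswith("\\werfault.exe"):
            m = WERFAULT_PID.search(rec.get("Commandline", ""))
            if m:
                crashes[rec["Target ID"]] = int(m.group(1))
    return crashes


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for path, targets in find_self_copies(recs, SAMPLE_MD5).items():
        print(f"self-copy of sample executed from {path} (targets {targets})")
    for target, pid in find_crash_reports(recs).items():
        print(f"target {target}: WerFault collecting crash data for PID {pid}")
```

The PID that WerFault names (4896) is an OS process ID, not a Target ID, so it cannot be matched against the numbers in this list; the report's full process tree is needed to identify which process crashed.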


Execution Graph

Execution Coverage:23.9%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:46.3%
Total number of Nodes:2000
Total number of Limit Nodes:56
execution_graph: [interactive graph rendering omitted; its node and edge listing is not readable as text]. Recoverable from the node labels: graph roots at sample addresses 529950, 530ad0, 56dc50, 571d90 and 56e0c0; Win32 APIs reached include SHGetFolderPathA (known-folder path lookups, called from several sites), GetFileAttributesA, GetLastError, CreateDirectoryA, CopyFileA, RaiseException, GetCurrentThreadId, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlTryAcquireSRWLockExclusive, SleepConditionVariableSRW, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimePreciseAsFileTime and GetSystemTimeAsFileTime; C++ runtime symbols resolved include std::_Throw_Cpp_error, std::locale::_Locimp::_Locimp, std::ios_base::_Ios_base_dtor, std::_Facet_Register, Concurrency::cancel_current_task, ___std_exception_copy, __fread_nolock and __dosmaperr.
47014->47034 47015->47016 47017 512df0 std::_Throw_Cpp_error 41 API calls 47016->47017 47036 51c491 47017->47036 47038 51cb30 47018->47038 47040 51d498 47019->47040 47056 5263b0 std::_Throw_Cpp_error 41 API calls 47020->47056 47133 51fe0a 47020->47133 47041 5263b0 std::_Throw_Cpp_error 41 API calls 47021->47041 47022->46838 47042 5263b0 std::_Throw_Cpp_error 41 API calls 47023->47042 47084 52ace0 41 API calls 47025->47084 47045 51e704 47026->47045 47225 51f2fd 47026->47225 47046 5efe80 205 API calls 47027->47046 47047 51dd2e 47028->47047 47048 51c940 47029->47048 47031->46840 47049 520052 47032->47049 47037 512df0 std::_Throw_Cpp_error 41 API calls 47033->47037 47035 512cf0 std::_Throw_Cpp_error 41 API calls 47034->47035 47051 51d8fd 47035->47051 47036->46963 47052 51c495 47036->47052 47087 52ace0 41 API calls 47038->47087 47054 521062 47039->47054 47055 5f6cf0 78 API calls 47040->47055 47057 522224 47041->47057 47061 51fb5f 47042->47061 47046->46959 47065 512df0 std::_Throw_Cpp_error 41 API calls 47047->47065 47067 51c951 CopyFileA 47048->47067 47068 51c94f 47048->47068 47070 5f6c20 86 API calls 47049->47070 47050->47033 47071 5f6cf0 78 API calls 47051->47071 47052->46987 47079 512df0 std::_Throw_Cpp_error 41 API calls 47054->47079 47080 51d4a5 47055->47080 47072 51fde3 47056->47072 47073 5efe80 205 API calls 47057->47073 47059 5f66f0 93 API calls 47154 51fe11 47059->47154 47060 512df0 std::_Throw_Cpp_error 41 API calls 47060->46849 47083 5efe80 205 API calls 47061->47083 47064 512df0 std::_Throw_Cpp_error 41 API calls 47064->46861 47075 51dd40 47065->47075 47096 5219dc 47066->47096 47076 512df0 std::_Throw_Cpp_error 41 API calls 47067->47076 47068->47067 47077 52006b 47070->47077 47090 5263b0 std::_Throw_Cpp_error 41 API calls 47072->47090 47073->46986 47097 51c980 47076->47097 47089 51d61e 47080->47089 47109 52ab20 41 API calls 47080->47109 47083->46988 47107 51cbd9 47087->47107 47111 5f66f0 93 API calls 47089->47111 47097->47011 47101->47060 47102 512df0 
std::_Throw_Cpp_error 41 API calls 47102->46894 47120 51d5d4 47109->47120 47112->47064 47133->47059 47133->47154 47154->47102 47254->46977 47269->47006 48737 5459b0 47440->48737 47443 5ef0d0 47443->47443 47444 513040 std::_Throw_Cpp_error 41 API calls 47443->47444 47445 5ef0ec 47444->47445 47446 52fbf0 41 API calls 47445->47446 47447 5ef11d 47446->47447 47449 5efe59 47447->47449 47450 5ef190 std::ios_base::_Ios_base_dtor 47447->47450 47448 5f6c20 86 API calls 47451 5ef1c5 47448->47451 47453 548c70 std::_Throw_Cpp_error 41 API calls 47449->47453 47450->47448 47452 5efdeb 47451->47452 47455 52ab20 41 API calls 47451->47455 47454 5efe1b std::ios_base::_Ios_base_dtor 47452->47454 47460 5efe5e 47452->47460 47453->47460 47456 512df0 std::_Throw_Cpp_error 41 API calls 47454->47456 47457 5ef268 47455->47457 47459 5f6c20 86 API calls 47457->47459 47461 548c70 std::_Throw_Cpp_error 41 API calls 47460->47461 47463 5efe72 47461->47463 47546 5e75b6 __fread_nolock 47545->47546 47547 5e75d4 SHGetFolderPathA 47546->47547 47548 5459b0 __fread_nolock 47547->47548 47549 5e7601 SHGetFolderPathA 47548->47549 47550 5e7748 47549->47550 47550->47550 47551 513040 std::_Throw_Cpp_error 41 API calls 47550->47551 47552 5e7764 47551->47552 47553 52ace0 41 API calls 47552->47553 47557 5e7780 std::ios_base::_Ios_base_dtor 47553->47557 47554 5f6c20 86 API calls 47556 5ee3a7 47557->47554 47557->47556 48404->46790 48406 52ab20 41 API calls 48405->48406 48408 5effdf 48406->48408 48407 512df0 std::_Throw_Cpp_error 41 API calls 48409 5f0072 FindFirstFileA 48407->48409 48410 5f063c 48408->48410 48411 5f001f std::ios_base::_Ios_base_dtor 48408->48411 48417 5f050f std::ios_base::_Ios_base_dtor 48409->48417 48486 5f009f std::locale::_Locimp::_Locimp 48409->48486 48412 548c70 std::_Throw_Cpp_error 41 API calls 48410->48412 48411->48407 48414 5f0641 48412->48414 48413 5f04e4 FindNextFileA 48415 5f04fb FindClose GetLastError 48413->48415 48413->48486 48416 548c70 std::_Throw_Cpp_error 41 API calls 
48414->48416 48415->48417 48419 5f064b 48416->48419 48417->48414 48420 5f05f0 std::ios_base::_Ios_base_dtor 48417->48420 48418 512df0 std::_Throw_Cpp_error 41 API calls 48421 5f0618 48418->48421 48425 52ab20 41 API calls 48419->48425 48420->48418 48422 512df0 std::_Throw_Cpp_error 41 API calls 48421->48422 48424 5f0627 48422->48424 48423 528f00 41 API calls std::_Throw_Cpp_error 48423->48486 48424->46790 48426 5f07ba 48425->48426 48427 549820 43 API calls 48426->48427 48428 5f0868 48427->48428 48429 5f4505 48428->48429 48847 5f7160 GetCurrentProcess IsWow64Process 48428->48847 48431 5263b0 std::_Throw_Cpp_error 41 API calls 48429->48431 48434 5f4528 48431->48434 48433 52e8a0 41 API calls 48433->48486 48920 5f75c0 48434->48920 48435 513350 78 API calls 48438 5f0944 48435->48438 48440 513350 78 API calls 48438->48440 48445 512df0 41 API calls std::_Throw_Cpp_error 48445->48486 48456 5f04bf CopyFileA 48460 5f0520 GetLastError 48456->48460 48456->48486 48460->48417 48461 5f6c20 86 API calls 48461->48486 48466 5f034d CreateDirectoryA 48466->48460 48466->48486 48478 5132d0 41 API calls std::_Throw_Cpp_error 48478->48486 48482 5efe80 155 API calls 48482->48486 48486->48413 48486->48414 48486->48417 48486->48423 48486->48433 48486->48445 48486->48456 48486->48461 48486->48466 48486->48478 48486->48482 48641 5262d3 48640->48641 48642 5262ce 48640->48642 48641->46792 48643 512df0 std::_Throw_Cpp_error 41 API calls 48642->48643 48643->48641 48644->46792 48646 549820 43 API calls 48645->48646 48647 5f6daf 48646->48647 48648 5f6dbc 48647->48648 48649 54d0a8 78 API calls 48647->48649 48650 512df0 std::_Throw_Cpp_error 41 API calls 48648->48650 48649->48648 48651 51beae 48650->48651 48651->46989 48651->47004 48691->46924 48738 5459c7 SHGetFolderPathA 48737->48738 48738->47443 48848 5f0880 48847->48848 48848->48435 48921 549820 43 API calls 48920->48921 49292 56f6c0 49293 56f714 49292->49293 49294 57027c 49292->49294 49295 52ab20 41 API calls 49293->49295 49296 52ab20 41 API calls 
49294->49296 49297 56f7f6 49295->49297 49298 57035e 49296->49298 49299 5f6c20 86 API calls 49297->49299 49300 5f6c20 86 API calls 49298->49300 49301 56f81c 49299->49301 49302 570384 49300->49302 49303 5f6b90 85 API calls 49301->49303 49307 56f83f 49301->49307 49304 5f6b90 85 API calls 49302->49304 49310 5703a7 49302->49310 49303->49307 49304->49310 49305 57026a 49313 512df0 std::_Throw_Cpp_error 41 API calls 49305->49313 49306 57024f 49306->49305 49315 5f66f0 93 API calls 49306->49315 49307->49305 49307->49306 49312 52b260 41 API calls 49307->49312 49308 571a9b 49314 512df0 std::_Throw_Cpp_error 41 API calls 49308->49314 49309 571a80 49309->49308 49316 5f66f0 93 API calls 49309->49316 49310->49308 49310->49309 49311 52b260 41 API calls 49310->49311 49386 5703d7 std::ios_base::_Ios_base_dtor 49311->49386 49356 56f86f 49312->49356 49313->49294 49317 571aad 49314->49317 49315->49305 49316->49308 49318 571a71 49457 518ab0 41 API calls std::ios_base::_Ios_base_dtor 49318->49457 49319 570240 49454 518ab0 41 API calls std::ios_base::_Ios_base_dtor 49319->49454 49322 523200 41 API calls 49322->49386 49323 523200 41 API calls 49323->49356 49324 52b260 41 API calls 49324->49386 49325 52b260 41 API calls 49325->49356 49328 5263b0 41 API calls std::_Throw_Cpp_error 49328->49386 49329 5263b0 41 API calls std::_Throw_Cpp_error 49329->49356 49330 526240 41 API calls 49330->49356 49332 526240 41 API calls 49332->49386 49333 5f6c20 86 API calls 49333->49386 49335 512df0 41 API calls std::_Throw_Cpp_error 49335->49356 49336 52ac50 41 API calls 49336->49356 49337 52ac50 41 API calls 49337->49386 49338 5f6c20 86 API calls 49338->49356 49339 549820 43 API calls 49339->49356 49340 549820 43 API calls 49340->49386 49341 5f6b90 85 API calls 49341->49356 49342 5f6b90 85 API calls 49342->49386 49343 52ae20 41 API calls 49343->49386 49344 52ae20 41 API calls 49344->49356 49345 52abb0 41 API calls 49345->49356 49346 52abb0 41 API calls 49346->49386 49347 5230f0 41 API calls 49347->49386 49348 
5230f0 41 API calls 49348->49356 49349 54d0a8 78 API calls 49349->49386 49350 54d0a8 78 API calls 49350->49356 49351 512cf0 41 API calls std::_Throw_Cpp_error 49351->49356 49352 512cf0 41 API calls std::_Throw_Cpp_error 49352->49386 49353 52af80 41 API calls 49353->49356 49355 513350 78 API calls 49355->49356 49356->49319 49356->49323 49356->49325 49356->49329 49356->49330 49356->49335 49356->49336 49356->49338 49356->49339 49356->49341 49356->49344 49356->49345 49356->49348 49356->49350 49356->49351 49356->49353 49356->49355 49450 526210 41 API calls std::_Throw_Cpp_error 49356->49450 49451 52b400 41 API calls 49356->49451 49452 52bae0 41 API calls std::_Throw_Cpp_error 49356->49452 49453 518ab0 41 API calls std::ios_base::_Ios_base_dtor 49356->49453 49358 52af80 41 API calls 49358->49386 49360 513040 std::_Throw_Cpp_error 41 API calls 49360->49386 49361 526260 41 API calls 49361->49386 49362 52ace0 41 API calls 49362->49386 49363 5262c0 41 API calls 49363->49386 49364 571d84 49365 548c70 std::_Throw_Cpp_error 41 API calls 49364->49365 49366 571d89 49365->49366 49367 52ab20 41 API calls 49366->49367 49368 571eb4 49367->49368 49369 5f6c20 86 API calls 49368->49369 49370 571eda 49369->49370 49371 5f6b90 85 API calls 49370->49371 49374 571efd 49370->49374 49371->49374 49372 513350 78 API calls 49372->49386 49373 57291f 49377 5f66f0 93 API calls 49373->49377 49378 57293e 49373->49378 49374->49373 49376 52b260 41 API calls 49374->49376 49374->49378 49375 52b400 41 API calls 49375->49386 49434 571f2d 49376->49434 49377->49378 49380 52ab20 41 API calls 49378->49380 49379 572910 49460 518ab0 41 API calls std::ios_base::_Ios_base_dtor 49379->49460 49381 572a23 49380->49381 49383 5f6c20 86 API calls 49381->49383 49384 572a49 49383->49384 49385 5f6b90 85 API calls 49384->49385 49389 572a6c 49384->49389 49385->49389 49386->49318 49386->49322 49386->49324 49386->49328 49386->49332 49386->49333 49386->49337 49386->49340 49386->49342 49386->49343 49386->49346 49386->49347 
49386->49349 49386->49352 49386->49358 49386->49360 49386->49361 49386->49362 49386->49363 49386->49364 49386->49372 49386->49375 49390 512df0 41 API calls std::_Throw_Cpp_error 49386->49390 49439 5319a0 49386->49439 49455 526210 41 API calls std::_Throw_Cpp_error 49386->49455 49456 518ab0 41 API calls std::ios_base::_Ios_base_dtor 49386->49456 49387 5734a9 49392 512df0 std::_Throw_Cpp_error 41 API calls 49387->49392 49388 57348e 49388->49387 49393 5f66f0 93 API calls 49388->49393 49389->49387 49389->49388 49391 52b260 41 API calls 49389->49391 49390->49386 49438 572a9c 49391->49438 49394 5734bb 49392->49394 49393->49387 49395 512df0 std::_Throw_Cpp_error 41 API calls 49394->49395 49397 5734ca 49395->49397 49396 57347f 49463 518ab0 41 API calls std::ios_base::_Ios_base_dtor 49396->49463 49399 523200 41 API calls 49399->49434 49400 52b260 41 API calls 49400->49434 49402 5263b0 41 API calls std::_Throw_Cpp_error 49402->49434 49403 523200 41 API calls 49403->49438 49404 52b260 41 API calls 49404->49438 49407 526240 41 API calls 49407->49434 49408 5263b0 41 API calls std::_Throw_Cpp_error 49408->49438 49409 512cf0 41 API calls std::_Throw_Cpp_error 49409->49434 49410 52ac50 41 API calls 49410->49434 49411 5f6c20 86 API calls 49411->49434 49412 549820 43 API calls 49412->49434 49413 5f6b90 85 API calls 49413->49434 49414 52ae20 41 API calls 49414->49434 49415 512df0 41 API calls std::_Throw_Cpp_error 49415->49434 49416 52ac50 41 API calls 49416->49438 49417 52abb0 41 API calls 49417->49434 49419 5230f0 41 API calls 49419->49434 49420 54d0a8 78 API calls 49420->49434 49421 5f6c20 86 API calls 49421->49438 49422 549820 43 API calls 49422->49438 49423 5f6b90 85 API calls 49423->49438 49424 52ae20 41 API calls 49424->49438 49425 52abb0 41 API calls 49425->49438 49426 5230f0 41 API calls 49426->49438 49427 52af80 41 API calls 49427->49434 49428 526240 41 API calls 49428->49438 49429 54d0a8 78 API calls 49429->49438 49430 512df0 41 API calls std::_Throw_Cpp_error 49430->49438 
49431 512cf0 41 API calls std::_Throw_Cpp_error 49431->49438 49432 513350 78 API calls 49432->49434 49433 52b400 41 API calls 49433->49434 49434->49379 49434->49399 49434->49400 49434->49402 49434->49407 49434->49409 49434->49410 49434->49411 49434->49412 49434->49413 49434->49414 49434->49415 49434->49417 49434->49419 49434->49420 49434->49427 49434->49432 49434->49433 49458 526210 41 API calls std::_Throw_Cpp_error 49434->49458 49459 518ab0 41 API calls std::ios_base::_Ios_base_dtor 49434->49459 49435 52af80 41 API calls 49435->49438 49436 513350 78 API calls 49436->49438 49437 52b400 41 API calls 49437->49438 49438->49396 49438->49403 49438->49404 49438->49408 49438->49416 49438->49421 49438->49422 49438->49423 49438->49424 49438->49425 49438->49426 49438->49428 49438->49429 49438->49430 49438->49431 49438->49435 49438->49436 49438->49437 49461 526210 41 API calls std::_Throw_Cpp_error 49438->49461 49462 518ab0 41 API calls std::ios_base::_Ios_base_dtor 49438->49462 49440 5319d0 49439->49440 49441 5319f5 49439->49441 49440->49386 49442 512cf0 std::_Throw_Cpp_error 41 API calls 49441->49442 49443 531a03 49442->49443 49444 52ace0 41 API calls 49443->49444 49445 531a18 49444->49445 49446 517cf0 41 API calls 49445->49446 49447 531a2d 49446->49447 49448 5451fb std::_Throw_Cpp_error RaiseException 49447->49448 49449 531a3e 49448->49449 49450->49356 49451->49356 49452->49356 49453->49356 49454->49306 49455->49386 49456->49386 49457->49309 49458->49434 49459->49434 49460->49373 49461->49438 49462->49438 49463->49388 49652 57aa00 49881 57aa3a 49652->49881 49653 57aa61 49655 5263b0 std::_Throw_Cpp_error 41 API calls 49653->49655 49656 5263b0 std::_Throw_Cpp_error 41 API calls 49653->49656 49654 588aa7 49655->49653 49657 57aabc 49656->49657 49658 57ab44 49657->49658 49660 57ab5e 49658->49660 49659 513040 std::_Throw_Cpp_error 41 API calls 49659->49660 49660->49659 49661 513040 std::_Throw_Cpp_error 41 API calls 49660->49661 49662 57acd9 49661->49662 49664 57ad04 
49662->49664 49665 58719c 49662->49665 51000 5ba180 49662->51000 49668 57ad16 49664->49668 49666 5871aa 49665->49666 49667 5871cc 49666->49667 49670 5263b0 std::_Throw_Cpp_error 41 API calls 49667->49670 49669 57ad38 49668->49669 49671 5263b0 std::_Throw_Cpp_error 41 API calls 49669->49671 49673 5871db 49670->49673 49672 57ad40 49671->49672 49674 57ad5a 49672->49674 49681 5871f8 49673->49681 49675 57ad61 49674->49675 49677 5263b0 std::_Throw_Cpp_error 41 API calls 49675->49677 49676 5263b0 std::_Throw_Cpp_error 41 API calls 49676->49681 49678 57ad69 49677->49678 49680 512cf0 std::_Throw_Cpp_error 41 API calls 49678->49680 49679 512cf0 std::_Throw_Cpp_error 41 API calls 49679->49681 49682 57ade3 49680->49682 49681->49676 49681->49679 49689 5873fb 49681->49689 49684 512cf0 std::_Throw_Cpp_error 41 API calls 49682->49684 49683 512cf0 std::_Throw_Cpp_error 41 API calls 49683->49689 49685 57af0d 49684->49685 49687 5ba180 222 API calls 49685->49687 49686 5ba180 222 API calls 49686->49689 49688 57af28 49687->49688 49692 57af3d 49688->49692 49689->49683 49689->49686 49690 58742f 49689->49690 49691 587451 49690->49691 49694 5263b0 std::_Throw_Cpp_error 41 API calls 49691->49694 49693 57af5f 49692->49693 49695 5263b0 std::_Throw_Cpp_error 41 API calls 49693->49695 49696 587460 49694->49696 49697 57af67 49695->49697 49706 58747d 49696->49706 49700 5263b0 std::_Throw_Cpp_error 41 API calls 49700->49706 49704 512cf0 std::_Throw_Cpp_error 41 API calls 49704->49706 49706->49700 49706->49704 49712 587680 49706->49712 49707 512cf0 std::_Throw_Cpp_error 41 API calls 49707->49712 49710 5ba180 222 API calls 49710->49712 49712->49707 49712->49710 49714 5876b4 49712->49714 49716 5876d6 49714->49716 49719 5263b0 std::_Throw_Cpp_error 41 API calls 49716->49719 49721 5876e5 49719->49721 49729 587702 49721->49729 49724 5263b0 std::_Throw_Cpp_error 41 API calls 49724->49729 49727 512cf0 std::_Throw_Cpp_error 41 API calls 49727->49729 49729->49724 49729->49727 49737 587905 49729->49737 49875 
512cf0 std::_Throw_Cpp_error 41 API calls 49875->49881 49878 5ba180 222 API calls 49878->49881 49881->49653 49881->49654 49881->49875 49881->49878 51001 5459b0 __fread_nolock 51000->51001 51002 5ba1db SHGetFolderPathA 51001->51002 51961 52ac50 51002->51961 51004 5ba20f 51005 5ba22d 51004->51005 51006 5bb345 51004->51006 51008 5263b0 std::_Throw_Cpp_error 41 API calls 51005->51008 51007 5252b0 41 API calls 51006->51007 51009 5bb391 51007->51009 51010 5ba23e 51008->51010 51011 512df0 std::_Throw_Cpp_error 41 API calls 51009->51011 51012 5d5f80 45 API calls 51010->51012 51013 5bb343 51011->51013 51014 5ba251 51012->51014 51020 5342a0 41 API calls 51013->51020 51023 5bb3eb 51013->51023 51269 5bb410 std::ios_base::_Ios_base_dtor std::locale::_Locimp::_Locimp 51013->51269 51015 5ba26b 51014->51015 51268 5ba2d5 std::locale::_Locimp::_Locimp 51014->51268 51017 5285d0 76 API calls 51015->51017 51016 5ba277 51019 5285d0 76 API calls 51016->51019 51017->51016 51018 5bb334 51021 5285d0 76 API calls 51018->51021 51022 5ba283 51019->51022 51020->51023 51021->51013 51024 512df0 std::_Throw_Cpp_error 41 API calls 51022->51024 51025 512df0 std::_Throw_Cpp_error 41 API calls 51023->51025 51025->51269 51026 5bda8c 51031 527ef0 41 API calls 51026->51031 51033 5bdafa 51031->51033 51035 5240c0 41 API calls 51033->51035 51038 52ad80 41 API calls 51038->51269 51048 5bda87 51051 548c70 std::_Throw_Cpp_error 41 API calls 51048->51051 51051->51026 51058 52e8a0 41 API calls 51058->51269 51100 528f00 41 API calls std::_Throw_Cpp_error 51100->51268 51114 52e710 41 API calls 51114->51269 51120 528f00 std::_Throw_Cpp_error 41 API calls 51120->51269 51125 52abb0 41 API calls 51125->51269 51135 52abb0 41 API calls 51135->51268 51140 512df0 41 API calls std::_Throw_Cpp_error 51140->51268 51167 5f6cf0 78 API calls 51167->51269 51168 52e8a0 41 API calls 51168->51268 51182 52ab20 41 API calls 51182->51269 51184 513040 41 API calls std::_Throw_Cpp_error 51184->51269 51191 5132d0 41 API calls 
std::_Throw_Cpp_error 51191->51269 51197 5335f0 41 API calls 51197->51269 51217 512df0 41 API calls std::_Throw_Cpp_error 51217->51269 51243 5f6cf0 78 API calls 51243->51268 51245 5132d0 std::_Throw_Cpp_error 41 API calls 51245->51268 51256 5263b0 41 API calls std::_Throw_Cpp_error 51256->51268 51258 5263b0 41 API calls std::_Throw_Cpp_error 51258->51269 51268->51018 51268->51026 51268->51100 51268->51135 51268->51140 51268->51168 51268->51243 51268->51245 51268->51256 52136 534400 44 API calls 4 library calls 51268->52136 51269->51016 51269->51026 51269->51038 51269->51048 51269->51058 51269->51114 51269->51120 51269->51125 51269->51167 51269->51182 51269->51184 51269->51191 51269->51197 51269->51217 51269->51258 51270 5198e0 41 API calls 51269->51270 51277 512fe0 41 API calls std::_Throw_Cpp_error 51269->51277 51270->51269 51277->51269 51962 52ac81 51961->51962 51962->51962 51963 52ac9b 51962->51963 51966 52acd3 51962->51966 51964 52e8a0 41 API calls 51963->51964 51965 52acb2 51964->51965 51965->51004 51967 52fbf0 41 API calls 51966->51967 51968 52ad24 51967->51968 51968->51004 52136->51268 52852 57a0c0 52863 57a0fb 52852->52863 52853 57a9e0 52854 5263b0 41 API calls std::_Throw_Cpp_error 52854->52863 52857 52af80 41 API calls 52857->52863 52858 523d50 41 API calls 52858->52863 52859 5238b0 41 API calls 52859->52863 52863->52853 52863->52854 52863->52857 52863->52858 52863->52859 52864 5af050 52863->52864 52956 5ad320 52863->52956 53036 5aaee0 52863->53036 53117 5a8630 52863->53117 53194 5a6330 52863->53194 52865 5af086 52864->52865 52866 527ef0 41 API calls 52865->52866 52867 5af0af 52866->52867 52868 5240c0 41 API calls 52867->52868 52869 5af0d9 52868->52869 52870 52af80 41 API calls 52869->52870 52871 5af174 __fread_nolock 52870->52871 52872 5af192 SHGetFolderPathA 52871->52872 52873 52ac50 41 API calls 52872->52873 52874 5af1bf 52873->52874 52875 52ab20 41 API calls 52874->52875 52876 5af264 __fread_nolock 52875->52876 52877 5af27e 
GetPrivateProfileSectionNamesA 52876->52877 52945 5af2b1 std::ios_base::_Ios_base_dtor __fread_nolock std::locale::_Locimp::_Locimp 52877->52945 52879 5b340d lstrlen 52880 5b3423 52879->52880 52879->52945 52881 512df0 std::_Throw_Cpp_error 41 API calls 52880->52881 52883 5b3432 52881->52883 52882 5af3a2 GetPrivateProfileStringA 52882->52945 52884 512df0 std::_Throw_Cpp_error 41 API calls 52883->52884 52885 5b3441 52884->52885 52886 512df0 std::_Throw_Cpp_error 41 API calls 52885->52886 52888 5b344d 52886->52888 52887 52e8a0 41 API calls 52887->52945 52889 512df0 std::_Throw_Cpp_error 41 API calls 52888->52889 52891 5b3459 52889->52891 52890 5b347b 52893 512cf0 std::_Throw_Cpp_error 41 API calls 52890->52893 52892 512df0 std::_Throw_Cpp_error 41 API calls 52891->52892 52895 5b3465 52892->52895 52894 5b3494 52893->52894 52896 52ace0 41 API calls 52894->52896 52895->52863 52897 5b34a9 52896->52897 52898 517cf0 41 API calls 52897->52898 52899 5b34c1 52898->52899 52900 5451fb std::_Throw_Cpp_error RaiseException 52899->52900 52901 5b34d5 52900->52901 52903 548c70 std::_Throw_Cpp_error 41 API calls 52901->52903 52902 54d0a8 78 API calls 52902->52945 52904 5b34da 52903->52904 52906 512cf0 std::_Throw_Cpp_error 41 API calls 52904->52906 52905 5f75c0 87 API calls 52905->52945 52909 5b34ed 52906->52909 52907 5e6710 148 API calls 52907->52945 52908 5132d0 std::_Throw_Cpp_error 41 API calls 52908->52945 52911 52ace0 41 API calls 52909->52911 52910 52b430 53 API calls 52910->52945 52912 5b3502 52911->52912 52913 517cf0 41 API calls 52912->52913 52914 5b351a 52913->52914 52915 5451fb std::_Throw_Cpp_error RaiseException 52914->52915 52917 5b352e 52915->52917 52916 5e6570 87 API calls 52916->52945 52918 512cf0 std::_Throw_Cpp_error 41 API calls 52917->52918 52919 5b3542 52918->52919 52920 52ace0 41 API calls 52919->52920 52921 5b3557 52920->52921 52922 517cf0 41 API calls 52921->52922 52923 5b356f 52922->52923 52924 5451fb std::_Throw_Cpp_error RaiseException 52923->52924 52925 
5b3583 52924->52925 52927 523d50 41 API calls 52927->52945 52928 5b1bdf CreateDirectoryA 52928->52945 52929 513040 41 API calls std::_Throw_Cpp_error 52929->52945 52931 52af80 41 API calls 52931->52945 52932 52ad80 41 API calls 52932->52945 52933 52abb0 41 API calls 52933->52945 52934 536db0 41 API calls 52934->52945 52935 5f6c20 86 API calls 52935->52945 52936 543672 RaiseException RtlEnterCriticalSection RtlLeaveCriticalSection std::_Facet_Register 52936->52945 52937 52ace0 41 API calls 52937->52945 52938 5b1ec6 CreateDirectoryA 52938->52945 52939 512df0 41 API calls std::_Throw_Cpp_error 52939->52945 52940 5f6cf0 78 API calls 52940->52945 52941 52b0e0 41 API calls 52941->52945 52942 512cf0 std::_Throw_Cpp_error 41 API calls 52942->52945 52944 52b7b0 RaiseException RtlEnterCriticalSection RtlLeaveCriticalSection 52944->52945 52945->52879 52945->52882 52945->52887 52945->52890 52945->52901 52945->52902 52945->52904 52945->52905 52945->52907 52945->52908 52945->52910 52945->52916 52945->52917 52945->52927 52945->52928 52945->52929 52945->52931 52945->52932 52945->52933 52945->52934 52945->52935 52945->52936 52945->52937 52945->52938 52945->52939 52945->52940 52945->52941 52945->52942 52945->52944 52946 549820 43 API calls 52945->52946 52947 512fe0 41 API calls std::_Throw_Cpp_error 52945->52947 52948 52ab20 41 API calls 52945->52948 52950 5b3590 154 API calls 52945->52950 52951 527ef0 41 API calls 52945->52951 52952 551628 75 API calls 52945->52952 52953 523980 41 API calls 52945->52953 52954 5230f0 41 API calls 52945->52954 53273 550fae 52945->53273 53287 53c080 41 API calls 2 library calls 52945->53287 53288 534900 41 API calls 52945->53288 53289 523200 52945->53289 53304 52b9d0 41 API calls 2 library calls 52945->53304 53305 5236c0 41 API calls std::_Throw_Cpp_error 52945->53305 52946->52945 52947->52945 52948->52945 52950->52945 52951->52945 52952->52945 52953->52945 52954->52945 52957 5ad356 52956->52957 52958 527ef0 41 API calls 52957->52958 52959 5ad37f 
52958->52959 52960 5240c0 41 API calls 52959->52960 52961 5ad3a9 52960->52961 52962 52af80 41 API calls 52961->52962 52963 5ad444 __fread_nolock 52962->52963 52964 5ad462 SHGetFolderPathA 52963->52964 52965 52ac50 41 API calls 52964->52965 52966 5ad48f 52965->52966 52967 52ab20 41 API calls 52966->52967 52968 5ad534 __fread_nolock 52967->52968 52969 5ad54e GetPrivateProfileSectionNamesA 52968->52969 53030 5ad581 std::ios_base::_Ios_base_dtor __fread_nolock std::locale::_Locimp::_Locimp 52969->53030 52970 550fae 50 API calls 52970->53030 52971 5aeeb1 lstrlen 52972 5aeec7 52971->52972 52971->53030 52974 512df0 std::_Throw_Cpp_error 41 API calls 52972->52974 52973 5ad672 GetPrivateProfileStringA 52973->53030 52975 5aeed6 52974->52975 52976 512df0 std::_Throw_Cpp_error 41 API calls 52975->52976 52978 5aeee5 52976->52978 52977 5aefe8 52983 548c70 std::_Throw_Cpp_error 41 API calls 52977->52983 52980 512df0 std::_Throw_Cpp_error 41 API calls 52978->52980 52979 52e8a0 41 API calls 52979->53030 52981 5aeef1 52980->52981 52981->52863 52982 52abb0 41 API calls 52982->53030 52984 5aeff2 52983->52984 52985 512cf0 std::_Throw_Cpp_error 41 API calls 52984->52985 52986 5af009 52985->52986 52987 52ace0 41 API calls 52986->52987 52988 5af01e 52987->52988 52989 517cf0 41 API calls 52988->52989 52990 5af036 52989->52990 52992 5451fb std::_Throw_Cpp_error RaiseException 52990->52992 52991 52ab20 41 API calls 52991->53030 52993 5af04a 52992->52993 52994 549820 43 API calls 52994->53030 52995 54d0a8 78 API calls 52995->53030 52996 527ef0 41 API calls 52996->53030 52997 5240c0 41 API calls 52997->53030 52998 512df0 41 API calls std::_Throw_Cpp_error 52998->53030 52999 5f6450 44 API calls 52999->53030 53000 5132d0 41 API calls std::_Throw_Cpp_error 53000->53030 53002 5aef40 53005 512cf0 std::_Throw_Cpp_error 41 API calls 53002->53005 53003 5280a0 41 API calls 53003->53030 53004 5285d0 76 API calls 53004->53030 53006 5aef57 53005->53006 53008 52ace0 41 API calls 53006->53008 53007 526130 
41 API calls 53007->53030 53010 5aef6c 53008->53010 53009 5e6710 148 API calls 53009->53030 53011 517cf0 41 API calls 53010->53011 53012 5aef84 53011->53012 53013 5451fb std::_Throw_Cpp_error RaiseException 53012->53013 53013->52977 53014 5aef06 53016 512cf0 std::_Throw_Cpp_error 41 API calls 53014->53016 53015 5e6570 87 API calls 53015->53030 53018 5aef19 53016->53018 53017 513040 41 API calls std::_Throw_Cpp_error 53017->53030 53019 52ace0 41 API calls 53018->53019 53025 5aee07 53019->53025 53020 517cf0 41 API calls 53020->53012 53021 5aedde 53022 512cf0 std::_Throw_Cpp_error 41 API calls 53021->53022 53023 5aedf2 53022->53023 53024 52ace0 41 API calls 53023->53024 53024->53025 53025->53020 53027 536db0 41 API calls 53027->53030 53028 543672 RaiseException RtlEnterCriticalSection RtlLeaveCriticalSection std::_Facet_Register 53028->53030 53029 5aef94 53031 512cf0 std::_Throw_Cpp_error 41 API calls 53029->53031 53030->52970 53030->52971 53030->52973 53030->52977 53030->52979 53030->52982 53030->52984 53030->52991 53030->52994 53030->52995 53030->52996 53030->52997 53030->52998 53030->52999 53030->53000 53030->53002 53030->53003 53030->53004 53030->53007 53030->53009 53030->53014 53030->53015 53030->53017 53030->53021 53030->53027 53030->53028 53030->53029 53032 523d50 41 API calls 53030->53032 53033 534900 41 API calls 53030->53033 53313 52c3a0 RaiseException RtlEnterCriticalSection RtlLeaveCriticalSection std::_Facet_Register 53030->53313 53314 533f40 102 API calls 4 library calls 53030->53314 53034 5aefa7 53031->53034 53032->53030 53033->53030 53035 52ace0 41 API calls 53034->53035 53035->53025 53037 5aaf16 53036->53037 53038 527ef0 41 API calls 53037->53038 53039 5aaf3f 53038->53039 53040 5240c0 41 API calls 53039->53040 53041 5aaf69 53040->53041 53042 52af80 41 API calls 53041->53042 53043 5ab0a8 __fread_nolock 53042->53043 53044 5ab0c6 SHGetFolderPathA 53043->53044 53045 52ac50 41 API calls 53044->53045 53046 5ab0f3 53045->53046 53047 52ab20 41 API calls 
Execution Graph (rendered call graph omitted; only the node/edge listing was extracted). Windows API and CRT calls named on the graph nodes in this region: GetPrivateProfileSectionNamesA, GetPrivateProfileStringA, SHGetFolderPathA, lstrlen, CreateDirectoryA, FindFirstFileA, FindNextFileA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetCurrentProcess, GetSystemTimeAsFileTime, GetSystemTimePreciseAsFileTime, Sleep, RaiseException, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlReleaseSRWLockExclusive, RtlReAllocateHeap, WSAStartup, WSACleanup, WSAGetLastError, getaddrinfo, FreeAddrInfoW, socket, connect, setsockopt, recv, closesocket, plus CRT internals (std::_Throw_Cpp_error, std::_Facet_Register, std::ios_base::_Ios_base_dtor, std::locale::_Locimp::_Locimp, std::locale::_Setgloballocale, std::_Lockit::~_Lockit, __fread_nolock, __dosmaperr).
APIs
• FindFirstFileA.KERNEL32(00000000,?), ref: 005F008B
• CreateDirectoryA.KERNEL32(00000000,00000000,0000002E,0000002F,?,?,?,?,00675B0C,00000001,0000002E,0000002F,?,0066B3BC,3"R,0066B3BC), ref: 005F035B
• CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 005F04D6
• FindNextFileA.KERNEL32(00000000,?), ref: 005F04EC
• FindClose.KERNEL32(00000000), ref: 005F04FC
• GetLastError.KERNEL32 ref: 005F0502
• GetLastError.KERNEL32 ref: 005F0520
  • Part of subcall function 005F7160: GetCurrentProcess.KERNEL32(005F0880), ref: 005F716F
  • Part of subcall function 005F7160: IsWow64Process.KERNEL32(00000000), ref: 005F7176
  • Part of subcall function 0055196B: GetSystemTimeAsFileTime.KERNEL32(005F09F8,00000000,00000000,?,?,?,005F09F8,00000000), ref: 00551980
  • Part of subcall function 0055196B: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0055199F
• RegOpenKeyExA.KERNELBASE(80000002,?,00000000,?,?,?,?), ref: 005F0CB1
• RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,?), ref: 005F0D7D
• RegCloseKey.ADVAPI32(?), ref: 005F0DB2
• GetCurrentHwProfileA.ADVAPI32(?), ref: 005F0F4A
• GetModuleHandleExA.KERNEL32(00000004,005F5F40,?,?,?,?,?,?,?,?,00000000), ref: 005F144B
• GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000), ref: 005F1463
• RegOpenKeyExA.KERNELBASE(80000002,?,00000000,?,?), ref: 005F1E16
• RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,?), ref: 005F1EE2
• RegCloseKey.ADVAPI32(?), ref: 005F2161
• GetComputerNameA.KERNEL32(?,?), ref: 005F2195
• GetUserNameA.ADVAPI32(?,?), ref: 005F2333
• GetDesktopWindow.USER32 ref: 005F23D6
• GetWindowRect.USER32(00000000,?), ref: 005F23E4
                                                                                                                                        • GetUserDefaultLocaleName.KERNEL32(?,00000200), ref: 005F254F
                                                                                                                                        • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 005F2A15
                                                                                                                                        • LocalAlloc.KERNEL32(00000040), ref: 005F2A27
                                                                                                                                        • GetKeyboardLayoutList.USER32(?,00000000), ref: 005F2A42
                                                                                                                                        • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 005F2A6D
                                                                                                                                        • LocalFree.KERNEL32(?), ref: 005F2C30
                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 005F2C47
                                                                                                                                        • GetSystemTime.KERNEL32(?), ref: 005F2E5D
                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?), ref: 005F2E80
                                                                                                                                        • TzSpecificLocalTimeToSystemTime.KERNELBASE(?,?,?), ref: 005F2EA5
                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00020019,?), ref: 005F32BF
                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,?), ref: 005F3411
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 005F34C2
                                                                                                                                        • GetSystemInfo.KERNELBASE(?), ref: 005F34EA
                                                                                                                                        • GlobalMemoryStatusEx.KERNELBASE(?), ref: 005F359D
                                                                                                                                        • EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 005F36B1
                                                                                                                                        • EnumDisplayDevicesA.USER32(00000000,00000001,?,00000001), ref: 005F3A94
                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 005F3BD3
                                                                                                                                        • Process32First.KERNEL32(00000000,?), ref: 005F3BEB
                                                                                                                                        • Process32Next.KERNEL32(00000000,?), ref: 005F3C01
                                                                                                                                        • Process32Next.KERNEL32(00000000,?), ref: 005F3CD3
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 005F3CE2
                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00020019,?), ref: 005F4056
                                                                                                                                        • RegEnumKeyExA.KERNELBASE(?,00000000,?,?), ref: 005F408D
                                                                                                                                        • wsprintfA.USER32 ref: 005F4170
                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00020019,?), ref: 005F4193
                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400), ref: 005F4292
                                                                                                                                        • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400), ref: 005F4389
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 005F4465
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 005F4480
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: CloseTime$FileOpenQueryValue$LocalNameSystem$EnumFindNextProcess32$CreateCurrentDevicesDisplayErrorFirstHandleInfoKeyboardLastLayoutListLocaleModuleProcessUserWindow$AllocComputerCopyDefaultDesktopDirectoryFreeGlobalInformationMemoryProfileRectSnapshotSpecificStatusToolhelp32Unothrow_t@std@@@Wow64Zone__ehfuncinfo$??2@wsprintf
• String ID: !z$*H$*S$2.0$3"R$combo$-Jh
• API String ID: 3185416054-1569301507
• Opcode ID: 1d3fcdd70277968fa6b59ec65ad5c0ca8f77a15c5af0ed8b0cfe53010ea40ff9
• Instruction ID: 28ce899d3bc24a524407a7e7a14e6afc9743fa974ccf8726b29f9c8aa9c6e659
• Opcode Fuzzy Hash: 1d3fcdd70277968fa6b59ec65ad5c0ca8f77a15c5af0ed8b0cfe53010ea40ff9
• Instruction Fuzzy Hash: B5B3FFB4D0426DCBDB24CF98D985AEEBBB1BF48300F104199E949BB341D7352A85CFA5
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051BA08
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051BAD2
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051BF80
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051C47A
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051C575
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051C969
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051CD72
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051D17B
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051D29A
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051D6F8
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051D9DC
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051DAD7
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051DE41
• CopyFileA.KERNEL32(?,?,00000000), ref: 0051E55A
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051ECF6
• CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0051EEEA
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051F45B
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051F525
• CreateDirectoryA.KERNEL32(00000000,00000000), ref: 005201ED
• CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00520580
• CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0052088D
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 00520DC4
• CopyFileA.KERNEL32(?,?,00000000), ref: 0052173C
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 00521904
• CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00521CD7
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 00521E6E
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 00521FBE
• CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00520B14
  • Part of subcall function 005EFE80: CreateDirectoryA.KERNEL32(00000000,00000000,0000002E,0000002F,?,?,?,?,00675B0C,00000001,0000002E,0000002F,?,0066B3BC,3"R,0066B3BC), ref: 005F035B
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 00520F12
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051FEF1
  • Part of subcall function 005F66F0: GetLastError.KERNEL32 ref: 005F6AA0
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051FC55
  • Part of subcall function 005EFE80: FindFirstFileA.KERNEL32(00000000,?), ref: 005F008B
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051F933
  • Part of subcall function 005F66F0: SetFileAttributesA.KERNEL32(?,00000080,?,?,006994F8,?,?), ref: 005F6A0A
  • Part of subcall function 005F66F0: DeleteFileA.KERNEL32(?), ref: 005F6A24
  • Part of subcall function 005F66F0: RemoveDirectoryA.KERNELBASE(?), ref: 005F6A8B
  • Part of subcall function 005F66F0: std::_Throw_Cpp_error.LIBCPMT ref: 005F6B67
  • Part of subcall function 005F66F0: std::_Throw_Cpp_error.LIBCPMT ref: 005F6B78
  • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CCF
  • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CE0
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051E6FA
  • Part of subcall function 005D5F80: FindFirstFileA.KERNELBASE(00000000,?,00000000), ref: 005D60BF
  • Part of subcall function 00539070: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0053910D
  • Part of subcall function 00539070: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 00539155
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051DF3C
  • Part of subcall function 005F66F0: FindNextFileA.KERNELBASE(?,00000010), ref: 005F6A38
  • Part of subcall function 005F66F0: FindClose.KERNEL32(?), ref: 005F6A4A
  • Part of subcall function 005F66F0: GetLastError.KERNEL32 ref: 005F6A50
  • Part of subcall function 005F66F0: SetFileAttributesA.KERNELBASE(?,00000080), ref: 005F6A6D
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 0051D5FD
  • Part of subcall function 005F66F0: FindFirstFileA.KERNELBASE(00000000,?,006994F8,?,?,?,\*.*,00000004), ref: 005F6865
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0051BB07
  • Part of subcall function 005F6C20: GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
  • Part of subcall function 005F6C20: GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051BD08
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0051BD37
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051C0CC
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051C196
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: Directory$Create$File$Copy$Find$Cpp_errorThrow_std::_$AttributesErrorFirstLast$FolderPath___std_fs_convert_narrow_to_wide@20$CloseDeleteNextRemove
• String ID: 1!u$U[b
• API String ID: 1172780710-4099298338
• Opcode ID: 82367cfca31ea6b53c631d0cfed217821e286d52ea1baf0fd9aa5f3b9a0dc01a
• Instruction ID: 86bbdcb160713b5f33e639804443990aff9cadafae674781b75bc42e06f7a356
• Opcode Fuzzy Hash: 82367cfca31ea6b53c631d0cfed217821e286d52ea1baf0fd9aa5f3b9a0dc01a
• Instruction Fuzzy Hash: FCF3E0B4D0426D8BDF24CFA8D985AEEBBB0BF48304F144199D849B7341DB352A85CFA5
Uniqueness

Uniqueness Score: -1.00%

APIs
• SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 005BA1F7
  • Part of subcall function 005D5F80: FindFirstFileA.KERNELBASE(00000000,?,00000000), ref: 005D60BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: FileFindFirstFolderPath
• String ID: 1/h$@+'f$@+'f$@+'f$@+'f$@+'f$U#:$[2?$[2?$[2?$[2?$[2?$\$cannot use operator[] with a string argument with $cannot use push_back() with
• API String ID: 2195519125-2428695108
• Opcode ID: 9f9f62e26fbceb73e97fcc81e4c459184b8ad970a8f4f3dd661fbb7a2df9c221
• Instruction ID: 8a822f5e296ec142d6db216e1baee5612ccea892e712963fd502d14c6713c86f
• Opcode Fuzzy Hash: 9f9f62e26fbceb73e97fcc81e4c459184b8ad970a8f4f3dd661fbb7a2df9c221
• Instruction Fuzzy Hash: BAB421B4D052698BDB25CF68C984BEEBBB1BF49304F1081D9D849A7281DB356F84CF91
Uniqueness

Uniqueness Score: -1.00%

APIs
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,0066B0B2,000000FF), ref: 005E75EC
• SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 005E7613
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005E78D9
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005E7C3B
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 005E8D77
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 005E9912
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EA29E
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 005EA36F
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EA692
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EA9FD
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 005EAACE
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EADB9
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?), ref: 005EB049
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EB1FC
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EB4D6
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EB8BC
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?), ref: 005EBC71
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EBE24
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EC0FE
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EC4E4
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005E9F33
  • Part of subcall function 005EFE80: CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 005F04D6
  • Part of subcall function 005EFE80: GetLastError.KERNEL32 ref: 005F0520
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EC91C
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 005ECA73
  • Part of subcall function 005EE3B0: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 005EE41D
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005E9BD3
  • Part of subcall function 005F66F0: SetFileAttributesA.KERNEL32(?,00000080,?,?,006994F8,?,?), ref: 005F6A0A
  • Part of subcall function 005F66F0: DeleteFileA.KERNEL32(?), ref: 005F6A24
  • Part of subcall function 005F66F0: RemoveDirectoryA.KERNELBASE(?), ref: 005F6A8B
  • Part of subcall function 005F66F0: std::_Throw_Cpp_error.LIBCPMT ref: 005F6B67
  • Part of subcall function 005F66F0: std::_Throw_Cpp_error.LIBCPMT ref: 005F6B78
  • Part of subcall function 005F66F0: GetLastError.KERNEL32 ref: 005F6AA0
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?), ref: 005E95C8
  • Part of subcall function 005EFE80: FindNextFileA.KERNEL32(00000000,?), ref: 005F04EC
  • Part of subcall function 005EFE80: FindClose.KERNEL32(00000000), ref: 005F04FC
  • Part of subcall function 005EFE80: GetLastError.KERNEL32 ref: 005F0502
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 005E915D
  • Part of subcall function 005F66F0: FindNextFileA.KERNELBASE(?,00000010), ref: 005F6A38
  • Part of subcall function 005F66F0: FindClose.KERNEL32(?), ref: 005F6A4A
  • Part of subcall function 005F66F0: GetLastError.KERNEL32 ref: 005F6A50
  • Part of subcall function 005F66F0: SetFileAttributesA.KERNELBASE(?,00000080), ref: 005F6A6D
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?), ref: 005E88EA
  • Part of subcall function 005EFE80: CreateDirectoryA.KERNEL32(00000000,00000000,0000002E,0000002F,?,?,?,?,00675B0C,00000001,0000002E,0000002F,?,0066B3BC,3"R,0066B3BC), ref: 005F035B
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 005E8A9D
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?), ref: 005E82E2
  • Part of subcall function 005F66F0: FindFirstFileA.KERNELBASE(00000000,?,006994F8,?,?,?,\*.*,00000004), ref: 005F6865
• CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 005E85A3
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005E7F9B
  • Part of subcall function 005EFE80: FindFirstFileA.KERNEL32(00000000,?), ref: 005F008B
  • Part of subcall function 005F6C20: GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
  • Part of subcall function 005F6C20: GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
  • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CCF
  • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CE0
Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Directory$Create$File$Find$ErrorLast$CopyCpp_errorThrow_std::_$AttributesFolderPath$CloseFirstNext$DeleteRemove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1140557632-0
                                                                                                                                        • Opcode ID: b66d28084eb54c4114aac4df5e9fdecca291e82ad9fbb30df2df6e427740850d
                                                                                                                                        • Instruction ID: 53232ecf78f3156b97abda94633deb589b38c0253be042af2a2237cd87034ea5
                                                                                                                                        • Opcode Fuzzy Hash: b66d28084eb54c4114aac4df5e9fdecca291e82ad9fbb30df2df6e427740850d
                                                                                                                                        • Instruction Fuzzy Hash: D2F303B4D0425A8BDF14CFA8C9956EEBBB0BF48304F144199D949BB341DB316B85CFA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • RegOpenKeyExA.KERNELBASE(80000001,?,00000000,00020019,?), ref: 005A07BB
                                                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 005A07EF
                                                                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 005A0815
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 005A09AC
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 005A0C33
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 005A0D20
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 005A0E61
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 005A0F4B
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 005A1035
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 005A111F
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 005A221B
                                                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000001,?,00000104), ref: 005A2251
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 005A2265
                                                                                                                                        Strings
                                                                                                                                        • cannot use operator[] with a string argument with , xrefs: 005A231E, 005A2373
                                                                                                                                        • cannot use push_back() with , xrefs: 005A22C5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: QueryValue$CloseEnumOpen
                                                                                                                                        • String ID: cannot use operator[] with a string argument with $cannot use push_back() with
                                                                                                                                        • API String ID: 2041898428-3306948993
                                                                                                                                        • Opcode ID: 617e5659ecb7ee85cdaba202e05522e815e157663e3fdf382791b5c5ab2b9cd3
                                                                                                                                        • Instruction ID: 5cf0d9c2ff18ad0a2bdba44ce91c0f7cc233d1b69f5ffcbabc12ae1e597e4b9c
                                                                                                                                        • Opcode Fuzzy Hash: 617e5659ecb7ee85cdaba202e05522e815e157663e3fdf382791b5c5ab2b9cd3
                                                                                                                                        • Instruction Fuzzy Hash: 6D1311B4D042698BDB25CF28CD84BEEBBB5BF49304F1481D9E549A7241EB716B84CF90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 005A3F27
                                                                                                                                          • Part of subcall function 005F6C20: GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
                                                                                                                                          • Part of subcall function 005F6C20: GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
                                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 005A44DF
                                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 005A48EC
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 005A48FC
                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000), ref: 005A49D3
                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000), ref: 005A4A99
                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 005A4C1D
                                                                                                                                          • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CCF
                                                                                                                                          • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CE0
                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000), ref: 005A4DC4
                                                                                                                                        • CopyFileA.KERNEL32(00000000,?,00000000), ref: 005A5078
                                                                                                                                        • CopyFileA.KERNEL32(?,00000000,00000000), ref: 005A55B8
                                                                                                                                        • CredEnumerateA.ADVAPI32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,00000004), ref: 005A597D
                                                                                                                                        • LocalFree.KERNELBASE(00000000,?,?,?,00000004), ref: 005A6257
                                                                                                                                          • Part of subcall function 005451FB: RaiseException.KERNEL32(E06D7363,00000001,00000003,0052ABA8,?,?,?,00541D09,0052ABA8,006899D8,00000000,0052ABA8), ref: 0054525B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: File$CopyCreateDirectoryFind$Cpp_errorThrow_std::_$AttributesCloseCredEnumerateErrorExceptionFirstFolderFreeLastLocalNextPathRaise
• String ID: cannot use operator[] with a string argument with $tmi
• API String ID: 3528249430-641046634
• Opcode ID: 53e78065d1bdbd521423ed9b0dd19851999650b7282139b2db7fb6ed8963d2f7
• Instruction ID: 6500fb483735d15b41969875483fbf23450fc00eeff1fee5b9b3fa4ac95a37fc
• Opcode Fuzzy Hash: 53e78065d1bdbd521423ed9b0dd19851999650b7282139b2db7fb6ed8963d2f7
• Instruction Fuzzy Hash: CE3310B4D042698BDB25CF68C994BEDBBB0BF49304F1481D9E849A7341EB346B85CF91
Uniqueness
• Uniqueness Score: -1.00%

APIs
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 005AF1A4
• GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 005AF2A2
• GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 005AF495
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005B1BF6
  • Part of subcall function 005F6C20: GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
  • Part of subcall function 005F6C20: GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005B1EDD
• lstrlen.KERNEL32(?), ref: 005B340E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: CreateDirectoryPrivateProfile$AttributesErrorFileFolderLastNamesPathSectionStringlstrlen
• String ID: Bbb$[2?$[2?$cannot use operator[] with a string argument with $cannot use push_back() with
• API String ID: 2833034228-788601495
• Opcode ID: 8f91d7ab7326f471fa799470452e17fab105313ac1500d9a8df43924fb3f9f77
• Instruction ID: 15c3a2c2fc3877a9af2784c0555a1660ee742320774dd97a2f51ac9e8aad35cd
• Opcode Fuzzy Hash: 8f91d7ab7326f471fa799470452e17fab105313ac1500d9a8df43924fb3f9f77
• Instruction Fuzzy Hash: 6C93DCB4D052A98ADB65CF28C995BEDBBB1BF49304F0081DAD84DA7241DB752BC4CF81
Uniqueness
• Uniqueness Score: -1.00%

APIs
  • Part of subcall function 005F6C20: GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
  • Part of subcall function 005F6C20: GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
• SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?), ref: 0059272B
• SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00592A27
• SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?), ref: 00592D25
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00593085
• SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 005933B3
• SHGetFolderPathA.SHELL32(00000000,00000008,00000000,00000000,?), ref: 005936B7
• Concurrency::cancel_current_task.LIBCPMT ref: 00594461
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: FolderPath$AttributesConcurrency::cancel_current_taskErrorFileLast
• String ID: cannot compare iterators of different containers$cannot get value$type must be boolean, but is $type must be string, but is
• API String ID: 1974481932-2698695959
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered graph omitted; the legend distinguished executed from not-executed basic blocks)
APIs
• FindFirstFileA.KERNELBASE(00000000,?,006994F8,?,?,?,\*.*,00000004), ref: 005F6865
• SetFileAttributesA.KERNEL32(?,00000080,?,?,006994F8,?,?), ref: 005F6A0A
• DeleteFileA.KERNEL32(?), ref: 005F6A24
• FindNextFileA.KERNELBASE(?,00000010), ref: 005F6A38
• FindClose.KERNEL32(?), ref: 005F6A4A
• GetLastError.KERNEL32 ref: 005F6A50
• SetFileAttributesA.KERNELBASE(?,00000080), ref: 005F6A6D
• RemoveDirectoryA.KERNELBASE(?), ref: 005F6A8B
• GetLastError.KERNEL32 ref: 005F6AA0
• std::_Throw_Cpp_error.LIBCPMT ref: 005F6B67
• std::_Throw_Cpp_error.LIBCPMT ref: 005F6B78
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: File$Find$AttributesCpp_errorErrorLastThrow_std::_$CloseDeleteDirectoryFirstNextRemove
• String ID: \*.*
• API String ID: 460640838-1173974218
Uniqueness

Uniqueness Score: -1.00%

APIs
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 005A6484
• GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 005A6582
• GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 005A6775
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005A7FF8
• lstrlen.KERNEL32(?), ref: 005A84CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: PrivateProfile$FolderNamesPathSectionStringUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
• String ID: @+'f$[2?$`gn+$cannot use operator[] with a string argument with $cannot use push_back() with
• API String ID: 3203477177-818090161
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 005A8784
                                                                                                                                        • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 005A8882
                                                                                                                                        • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 005A8A78
                                                                                                                                        • lstrlen.KERNEL32(?), ref: 005AAD91
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
• String ID: (2?$[2?$cannot use operator[] with a string argument with $cannot use push_back() with $J6
• API String ID: 1311570089-2412125412
• Opcode ID: 685aa518ac49932da1787c577bbaf742446fcafbcb72f4079cd52de5c62493b5
• Instruction ID: 1e17cbd684fdd229deedc9769ed6414cbfe6e6e046bfd017235ed45013bf7252
• Opcode Fuzzy Hash: 685aa518ac49932da1787c577bbaf742446fcafbcb72f4079cd52de5c62493b5
• Instruction Fuzzy Hash: BF4321B0D052698BDB25CF28C8847EEBBB5BF49304F1482D9E449A7242DB756BC4CF91
Uniqueness

Uniqueness Score: -1.00%

APIs
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 005AB0D8
• GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 005AB1E5
• GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 005AB3D8
• lstrlen.KERNEL32(?), ref: 005AD1AD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
• String ID: [2?$[2?$cannot use operator[] with a string argument with $cannot use push_back() with
• API String ID: 1311570089-2514930191
• Opcode ID: 691bf99d01951b5946793e3b41878abc7e8d7c61093600fe20a505af1c5f015f
• Instruction ID: 6c2821d31004022642f7b9f86b0ddff0fb258ea1d5c84c3048b7860b209df68b
• Opcode Fuzzy Hash: 691bf99d01951b5946793e3b41878abc7e8d7c61093600fe20a505af1c5f015f
• Instruction Fuzzy Hash: 5B2311B4D052698BDB25CF28C8947EDBBB5BF49304F1082D9E849A7242DB356F84CF91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph (nodes: id, address range, API call)
• 12295 5d8510-5d8542 WSAStartup
• 12296 5d8548-5d8572 call 5fa3a0 * 2
• 12297 5d8616-5d861f
• 12302 5d857e-5d85c4 getaddrinfo
• 12303 5d8574-5d8578
• 12304 5d85c6-5d85cc
• 12305 5d8610 WSACleanup
• 12306 5d85ce
• 12307 5d8624-5d862e FreeAddrInfoW
• 12308 5d85d4-5d85e8 socket
• 12309 5d8630-5d8638
• 12310 5d85ea-5d85fa connect
• 12311 5d85fc-5d8604 closesocket
• 12312 5d8620
• 12313 5d8606-5d860a FreeAddrInfoW
Edges: 12295->12296, 12295->12297, 12296->12302, 12296->12303, 12302->12304, 12302->12305, 12303->12297, 12303->12302, 12304->12306, 12304->12307, 12305->12297, 12306->12308, 12307->12305, 12307->12309, 12308->12305, 12308->12310, 12310->12311, 12310->12312, 12311->12308, 12311->12313, 12312->12307, 12313->12305
APIs
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddrFreeInfo$CleanupStartupclosesocketconnectgetaddrinfosocket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 448659506-0
                                                                                                                                        • Opcode ID: 41b86eb365b89d420baee6a46509469ce8cfb8d2f5674d797b9994ab0557e562
                                                                                                                                        • Instruction ID: 2af3f46394fd720252eb8fc5986f4226fef6ee05972fe9ba7d430cf54000e088
                                                                                                                                        • Opcode Fuzzy Hash: 41b86eb365b89d420baee6a46509469ce8cfb8d2f5674d797b9994ab0557e562
                                                                                                                                        • Instruction Fuzzy Hash: D3318571A05700AFD7209F29DC4462ABBE5FB85734F104B1EF965A23E1D770A804CA93
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

APIs
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 005AD474
• GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 005AD572
• GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 005AD765
• lstrlen.KERNEL32(?), ref: 005AEEB2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
• String ID: cannot use operator[] with a string argument with $cannot use push_back() with
• API String ID: 1311570089-3306948993
• Opcode ID: 1b0375717a39bd6d5e457806ce0ee5dacf19cb791f975cc130ab19de1354f0a4
• Instruction ID: 02c53e58dd1b7436f3030955af1eea476d35542dd0b1e91dac95b3b4fabe2fd3
• Opcode Fuzzy Hash: 1b0375717a39bd6d5e457806ce0ee5dacf19cb791f975cc130ab19de1354f0a4
• Instruction Fuzzy Hash: 040345B0D042698BDB25DF28C8857EEBBB5BF49304F1481D9E849A7241EB716F84CF91
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph
• Executed
• Not Executed
• control_flow_graph: basic-block graph of the function starting at 5d6d00 (blocks 5d6d00 through 5d7443, including the GetPEB and DeleteFileA call sites); the rendered graph is not recoverable from the page.
APIs
• std::_Throw_Cpp_error.LIBCPMT ref: 005D6FD1
  • Part of subcall function 00542534: __EH_prolog3.LIBCMT ref: 00542570
• std::_Throw_Cpp_error.LIBCPMT ref: 005D6FE2
  • Part of subcall function 005F7440: __fread_nolock.LIBCMT ref: 005F7589
• DeleteFileA.KERNELBASE(?), ref: 005D706B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_$DeleteFileH_prolog3__fread_nolock
• String ID: 131$combo
• API String ID: 3880692912-825670192
• Opcode ID: 2cfd7e1f50d0439ee3b7b79e184e9705616f30c4b3e3bf4f0c7e6dcdf5921ceb
• Instruction ID: 62d8a7f9621a5c59f1c2536c950cfb5097bb3d2f084a9f4de5a6bb5a011e357b
• Opcode Fuzzy Hash: 2cfd7e1f50d0439ee3b7b79e184e9705616f30c4b3e3bf4f0c7e6dcdf5921ceb
• Instruction Fuzzy Hash: 3B32ACB0D04249DFCF14DFA8D9857EEBBB5BF88304F14415AE8056B382E735AA45CB91
Uniqueness
• Uniqueness Score: -1.00%
                                                                                                                                        Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID:
• String ID: BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$no such vfs: %s$sqlite_rename_table
• API String ID: 0-1885142750
• Opcode ID: ee59143c571d9f4024b7893414dc0de64a849c6ab3320a7e8c52c34734875a49
• Instruction ID: 67e89bd8ca6679f4fd0457795d496f32ca3b1a31412bcd36e8aafc08b9735e1a
• Opcode Fuzzy Hash: ee59143c571d9f4024b7893414dc0de64a849c6ab3320a7e8c52c34734875a49
• Instruction Fuzzy Hash: D6027AB0A807009BEB24DF64DC457AB7BE7EF40344F04852DE84A9B7D1E7B1A985CB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 005EE41D
  • Part of subcall function 005F6C20: GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
  • Part of subcall function 005F6C20: GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
  • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CCF
  • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CE0
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EE849
• CopyFileA.KERNEL32(?,00000000,00000000), ref: 005EEA03
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EEC91
• CreateDirectoryA.KERNEL32(?,00000000), ref: 005EEDE7
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: CreateDirectory$Cpp_errorFileThrow_std::_$AttributesCopyErrorFolderLastPath
• String ID:
• API String ID: 1001086254-0
• Opcode ID: 72db8909f0a3ed8284b40642fe359b2b355aed16e1c1db3610c2eb3e2b0c25fe
• Instruction ID: 849e002974227dec360f2c595c1a60b004219938f78f2f6457551ac22753de1b
• Opcode Fuzzy Hash: 72db8909f0a3ed8284b40642fe359b2b355aed16e1c1db3610c2eb3e2b0c25fe
• Instruction Fuzzy Hash: 688204B0C0425A8BDF15CFA8D995BEEBBB0BF58304F144199D949BB242E7305A85CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
• CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 005D6AD7
• LocalFree.KERNEL32(?), ref: 005D6B06
• LocalFree.KERNEL32(?), ref: 005D6C02
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeLocal$CryptDataUnprotect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2835072361-0
                                                                                                                                        • Opcode ID: bfa01b4b477a761b7520b713380b58c3ced7abdc4cb8245157d66a7cf5cc3f9c
                                                                                                                                        • Instruction ID: d6de4f2bfe70806e37089ee048e12a515871b208102c0dea9a6cb539f3e864e1
                                                                                                                                        • Opcode Fuzzy Hash: bfa01b4b477a761b7520b713380b58c3ced7abdc4cb8245157d66a7cf5cc3f9c
                                                                                                                                        • Instruction Fuzzy Hash: 1871D071C04249ABDB10DFA8C8457EEFFB4FF55310F14826AE850A3391EB786A45CBA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

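The function above calls CryptUnprotectData with every optional parameter NULL and flags 0, then LocalFree on the output buffer. That is the plain DPAPI decryption pattern a stealer uses against credential stores the report says it harvests: for Chromium-based browsers the password key lives in `Local State` as `os_crypt.encrypted_key`, base64 of a literal `DPAPI` prefix followed by the CryptProtectData output, and every DPAPI blob starts with a 20-byte header (dwVersion 1 and the DPAPI provider GUID). The following is an added example written for this report, not code from the sample or from Joe Sandbox: it reproduces the call site in Python via ctypes (Windows only), and adds two checks that run offline, recognising a DPAPI blob header and pulling the wrapped key out of a Local State file. The Local State content in `sample_local_state()` is constructed for the example and its blob is header-only, so it cannot be decrypted.

```python
"""Added example (not from the report): the DPAPI decryption pattern behind
CryptUnprotectData(pDataIn, NULL, NULL, NULL, NULL, 0, pDataOut) + LocalFree,
plus two offline checks an analyst can run on recovered data."""
import base64
import ctypes
import json
import struct
import sys
import uuid

# Every DPAPI blob starts with dwVersion == 1 followed by the DPAPI provider
# GUID stored little-endian; this header identifies DPAPI-wrapped data on disk
# or in a memory dump.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
DPAPI_HEADER_LEN = 20


def is_dpapi_blob(data: bytes) -> bool:
    """Return True if `data` carries the 20-byte DPAPI blob header."""
    if len(data) < DPAPI_HEADER_LEN:
        return False
    version = struct.unpack_from("<I", data, 0)[0]
    provider = uuid.UUID(bytes_le=data[4:20])
    return version == 1 and provider == DPAPI_PROVIDER_GUID


def chromium_encrypted_key(local_state_json: str) -> bytes:
    """Extract the DPAPI blob that protects a Chromium browser's password key.

    `Local State` stores os_crypt.encrypted_key as base64 of the literal
    prefix b"DPAPI" followed by the CryptProtectData output.
    """
    state = json.loads(local_state_json)
    raw = base64.b64decode(state["os_crypt"]["encrypted_key"])
    if not raw.startswith(b"DPAPI"):
        raise ValueError("encrypted_key is not DPAPI-wrapped")
    blob = raw[len(b"DPAPI"):]
    if not is_dpapi_blob(blob):
        raise ValueError("payload after DPAPI prefix is not a DPAPI blob")
    return blob


def dpapi_unprotect(blob: bytes) -> bytes:
    """Decrypt a DPAPI blob in the current user's context (Windows only).

    Mirrors the call site in the report: all optional parameters NULL, flags 0,
    then LocalFree on pDataOut.pbData once the plaintext has been copied out.
    """
    if sys.platform != "win32":
        raise OSError("DPAPI is only available on Windows")

    class DATA_BLOB(ctypes.Structure):
        _fields_ = [("cbData", ctypes.c_uint32), ("pbData", ctypes.c_void_p)]

    crypt32 = ctypes.windll.crypt32
    kernel32 = ctypes.windll.kernel32
    buf = ctypes.create_string_buffer(blob, len(blob))
    blob_in = DATA_BLOB(len(blob), ctypes.addressof(buf))
    blob_out = DATA_BLOB()
    ok = crypt32.CryptUnprotectData(
        ctypes.byref(blob_in), None, None, None, None, 0, ctypes.byref(blob_out)
    )
    if not ok:
        raise ctypes.WinError()
    try:
        return ctypes.string_at(blob_out.pbData, blob_out.cbData)
    finally:
        kernel32.LocalFree(blob_out.pbData)  # the LocalFree seen after the call


def sample_local_state() -> str:
    """Constructed Local State fragment wrapping a fake, header-only DPAPI blob."""
    fake_blob = struct.pack("<I", 1) + DPAPI_PROVIDER_GUID.bytes_le + b"\x00" * 16
    key = base64.b64encode(b"DPAPI" + fake_blob).decode()
    return json.dumps({"os_crypt": {"encrypted_key": key}})


if __name__ == "__main__":
    blob = chromium_encrypted_key(sample_local_state())
    print("DPAPI blob header recognised:", is_dpapi_blob(blob))
    if sys.platform == "win32":
        # Only succeeds for a real Local State, run as the user who protected it.
        try:
            print(len(dpapi_unprotect(blob)), "bytes of key material")
        except OSError as exc:
            print("decryption failed:", exc)
```

Because CryptUnprotectData with no entropy and no flags succeeds for any process running as the protecting user, the call itself is not a privilege boundary; the meaningful signal for detection is which process makes it and what file it read immediately before (here, the browser's `Local State` and `Login Data`).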
APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0064F635
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0064F937
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID:
• API String ID: 885266447-0
• Opcode ID: f8636678fa727509c75bb81e2b7695c98995f72401039149ebadcb934e8d301c
• Instruction ID: 652345f2cd81a8fb352e24025b59001c058ff95a6bd135764658715479168be2
• Opcode Fuzzy Hash: f8636678fa727509c75bb81e2b7695c98995f72401039149ebadcb934e8d301c
• Instruction Fuzzy Hash: 8202CF71604602AFDB58CF28C850BAAB7E6BF88314F04867DE849CB750D774EC95CB92
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ee47e869768dbd39638bedd3dcef9445f2320fba7adf85636d6437d6e0d28aea
• Instruction ID: 453d04050936919637cc73d407184df4d27b4bf4854017083dc6469917f4d58d
• Opcode Fuzzy Hash: ee47e869768dbd39638bedd3dcef9445f2320fba7adf85636d6437d6e0d28aea
• Instruction Fuzzy Hash: 55B1A574900A0B9BCF248FA8C9796BEBFB1BF44302F142A1BDC52976D1C7359949CB52
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 11189 5d7a80-5d7ab8 11190 5d7e4c-5d7e60 11189->11190 11191 5d7abe 11189->11191 11192 5d7ac4-5d7acc 11191->11192 11193 5d7ace-5d7af4 call 5d8510 11192->11193 11194 5d7b07-5d7b50 setsockopt recv WSAGetLastError 11192->11194 11197 5d7af9-5d7b01 11193->11197 11194->11190 11196 5d7b56-5d7b59 11194->11196 11198 5d7b5f-5d7b66 11196->11198 11199 5d7daa-5d7dd3 call 543069 call 568660 11196->11199 11197->11194 11200 5d7e37-5d7e46 Sleep 11197->11200 11201 5d7b6c-5d7bc8 call 528dc0 recv 11198->11201 11202 5d7d95-5d7da5 recv 11198->11202 11206 5d7e2f-5d7e31 Sleep 11199->11206 11213 5d7dd5 11199->11213 11200->11190 11200->11192 11209 5d7bce-5d7be9 recv 11201->11209 11210 5d7d43-5d7d50 11201->11210 11202->11206 11206->11200 11209->11210 11212 5d7bef-5d7c2a 11209->11212 11214 5d7d7e-5d7d90 11210->11214 11215 5d7d52-5d7d5e 11210->11215 11216 5d7c9d-5d7cfd call 5263b0 call 518d50 call 5d7e70 11212->11216 11217 5d7c2c-5d7c31 11212->11217 11218 5d7ddf-5d7e17 call 519280 11213->11218 11219 5d7dd7-5d7ddd 11213->11219 11214->11206 11220 5d7d74-5d7d7b call 5438f3 11215->11220 11221 5d7d60-5d7d6e 11215->11221 11239 5d7cff-5d7d0b 11216->11239 11240 5d7d2b-5d7d3f 11216->11240 11222 5d7c47-5d7c51 call 528dc0 11217->11222 11223 5d7c33-5d7c45 11217->11223 11230 5d7e1c-5d7e2a 11218->11230 11219->11206 11219->11218 11220->11214 11221->11220 11225 5d7e61-5d7e66 call 548c70 11221->11225 11228 5d7c56-5d7c9b setsockopt recv 11222->11228 11223->11228 11228->11216 11230->11206 11241 5d7d0d-5d7d1b 11239->11241 11242 5d7d21-5d7d23 call 5438f3 11239->11242 11240->11210 11241->11225 11241->11242 11244 5d7d28 11242->11244 11244->11240
APIs
• setsockopt.WS2_32(00000374,0000FFFF,00001006,?,00000008), ref: 005D7B26
• recv.WS2_32(?,00000004,00000002), ref: 005D7B41
• WSAGetLastError.WS2_32 ref: 005D7B45
• recv.WS2_32(00000000,0000000C,00000002,00000000), ref: 005D7BC3
• recv.WS2_32(00000000,0000000C,00000008), ref: 005D7BE4
• setsockopt.WS2_32(0000FFFF,00001006,?,00000008,?), ref: 005D7C80
• recv.WS2_32(00000000,?,00000008), ref: 005D7C9B
  • Part of subcall function 005D8510: WSAStartup.WS2_32 ref: 005D853A
  • Part of subcall function 005D8510: getaddrinfo.WS2_32(?,?,?,00699328), ref: 005D85BC
  • Part of subcall function 005D8510: socket.WS2_32(?,?,?), ref: 005D85DD
  • Part of subcall function 005D8510: connect.WS2_32(00000000,00669B1C,?), ref: 005D85F1
  • Part of subcall function 005D8510: closesocket.WS2_32(00000000), ref: 005D85FD
  • Part of subcall function 005D8510: FreeAddrInfoW.WS2_32(?), ref: 005D860A
  • Part of subcall function 005D8510: WSACleanup.WS2_32 ref: 005D8610
• recv.WS2_32(?,00000004,00000008), ref: 005D7DA3
• __Xtime_get_ticks.LIBCPMT ref: 005D7DAA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005D7DB8
• Sleep.KERNELBASE(00000001,00000000,?,00002710,00000000), ref: 005D7E31
• Sleep.KERNELBASE(00000064,?,00002710,00000000), ref: 005D7E39
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: recv$Sleepsetsockopt$AddrCleanupErrorFreeInfoLastStartupUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@closesocketconnectgetaddrinfosocket
• String ID:
• API String ID: 3089209366-0
• Opcode ID: 6654191a9f938864bd9543a048d6f628d2593d582557ac4b2fde9f689cf9bd0e
• Instruction ID: 4529a3a9882412fcb84fc1514b15d4ee576fd4bcf6dfbbbf642b8ae0914f9cb4
• Opcode Fuzzy Hash: 6654191a9f938864bd9543a048d6f628d2593d582557ac4b2fde9f689cf9bd0e
• Instruction Fuzzy Hash: 70B18C71D04308DBEB20DFA8CC49BADBFB6BB59304F10425AE414AB6E2E7705984CB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 11656 56e0c0-56e1c6 call 51b8e0 call 5232d0 call 52ab20 CreateDirectoryA 11663 56e861-56e868 11656->11663 11664 56e1cc-56e1d0 11656->11664 11665 56e86e-56e90a call 5232d0 call 52ab20 CreateDirectoryA 11663->11665 11666 56f0ed-56f3d2 call 512df0 11663->11666 11667 56e1d2-56e1ed 11664->11667 11683 56e910-56e914 11665->11683 11684 56f0de-56f0e8 call 512df0 11665->11684 11669 56e825-56e850 call 5263b0 call 5eefb0 11667->11669 11670 56e1f3-56e33d call 5263b0 * 4 call 5232d0 call 52ab20 call 52ad80 call 512df0 call 5f6c20 11667->11670 11669->11663 11690 56e852-56e859 call 5f66f0 11669->11690 11728 56e33f-56e357 CreateDirectoryA 11670->11728 11729 56e35d-56e430 call 5232d0 call 52ab20 call 52ad80 call 5262c0 call 512df0 * 2 call 5f6c20 11670->11729 11687 56e916-56e931 11683->11687 11684->11666 11691 56e937-56ea87 call 5263b0 * 4 call 5232d0 call 52ab20 call 52ad80 call 512df0 call 5f6c20 11687->11691 11692 56f09f-56f0cd call 5263b0 call 5e7580 11687->11692 11698 56e85e 11690->11698 11746 56eaa7-56eb7a call 5232d0 call 52ab20 call 52ad80 call 5262c0 call 512df0 * 2 call 5f6c20 11691->11746 11747 56ea89-56eaa1 CreateDirectoryA 11691->11747 11692->11684 11708 56f0cf-56f0d6 call 5f66f0 11692->11708 11698->11663 11714 56f0db 11708->11714 11714->11684 11728->11729 11731 56e7d4-56e820 call 512df0 * 5 11728->11731 11779 56e432-56e44a CreateDirectoryA 11729->11779 11780 56e450-56e457 11729->11780 11731->11667 11806 56eb7c-56eb94 CreateDirectoryA 11746->11806 11807 56eb9a-56eba1 11746->11807 11747->11746 11750 56f04e-56f09a call 512df0 * 5 11747->11750 11750->11687 11779->11731 11779->11780 11783 56e560-56e564 11780->11783 11784 56e45d-56e51d call 5232d0 call 52ab20 call 52ad80 call 512df0 call 5f6c20 11780->11784 11787 56e566-56e5c9 call 5232d0 11783->11787 11788 56e5ce-56e5d2 11783->11788 11841 56e542-56e54c call 526290 11784->11841 11842 56e51f-56e540 CreateDirectoryA 11784->11842 11801 56e684-56e772 call 512cf0 call 5232d0 call 52ab20 call 52ae20 call 5262c0 call 512df0 * 3 call 5f6c20 11787->11801 11794 56e5d4-56e637 call 5232d0 11788->11794 11795 56e639-56e67f call 5232d0 11788->11795 11794->11801 11795->11801 11894 56e774-56e78c CreateDirectoryA 11801->11894 11895 56e78e-56e7ce call 5263b0 * 2 call 5efe80 11801->11895 11806->11750 11806->11807 11810 56eba7-56ec67 call 5232d0 call 52ab20 call 52ad80 call 512df0 call 5f6c20 11807->11810 11811 56ecaa-56ecae 11807->11811 11872 56ec8c-56ec96 call 526290 11810->11872 11873 56ec69-56ec8a CreateDirectoryA 11810->11873 11815 56ecb4-56ed4e call 5232d0 call 52ab20 call 5f6c20 11811->11815 11816 56edc3-56edc7 11811->11816 11857 56ed73-56edb1 call 5263b0 * 2 call 5efe80 11815->11857 11858 56ed50-56ed71 CreateDirectoryA 11815->11858 11821 56ee31-56ee35 11816->11821 11822 56edc9-56ee2c call 5232d0 11816->11822 11824 56ee37-56ee9a call 5232d0 11821->11824 11825 56ee9c-56eefa call 5232d0 11821->11825 11840 56eeff-56efce call 512cf0 call 5232d0 call 52ab20 call 52ae20 call 512df0 * 2 call 5f6c20 11822->11840 11824->11840 11825->11840 11900 56eff3-56f039 call 5263b0 * 2 call 5efe80 11840->11900 11901 56efd0-56eff1 CreateDirectoryA 11840->11901 11847 56e551-56e55b call 512df0 11841->11847 11842->11841 11842->11847 11847->11783 11862 56edb4-56edbe 11857->11862 11858->11857 11858->11862 11870 56f049 call 512df0 11862->11870 11870->11750 11877 56ec9b-56eca5 call 512df0 11872->11877 11873->11872 11873->11877 11877->11811 11894->11731 11894->11895 11895->11731 11911 56e7d0 11895->11911 11903 56f03f-56f043 11900->11903 11914 56f03b 11900->11914 11901->11900 11901->11903 11903->11870 11911->11731 11914->11903
APIs
  • Part of subcall function 0051B8E0: CreateDirectoryA.KERNELBASE(?,00000000), ref: 0051BA08
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0056E1C2
• CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 0056E353
• CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 0056E446
• CreateDirectoryA.KERNEL32(?,00000000), ref: 0056E53C
• CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 0056E788
• CreateDirectoryA.KERNELBASE(?,00000000), ref: 0056E906
• CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 0056EA9D
• CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 0056EB90
  • Part of subcall function 005F6C20: GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
  • Part of subcall function 005F6C20: GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
• CreateDirectoryA.KERNEL32(?,00000000), ref: 0056EC86
  • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CCF
  • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CE0
• CreateDirectoryA.KERNEL32(?,00000000), ref: 0056ED6D
• CreateDirectoryA.KERNEL32(?,00000000), ref: 0056EFED
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: CreateDirectory$Cpp_errorThrow_std::_$AttributesErrorFileLast
• String ID:
• API String ID: 453214671-0
• Opcode ID: e10ba393eccaf9f90300857f86b545632de70bd85a7cca79b07b3d3ccc82f8b7
• Instruction ID: 987cc667a05b77c5a355e340e3fe7415983b24b888ca7d459ededf205164dd80
• Opcode Fuzzy Hash: e10ba393eccaf9f90300857f86b545632de70bd85a7cca79b07b3d3ccc82f8b7
• Instruction Fuzzy Hash: 67A220B0D052A98BDB25DB64DC99BDDBBB4BF55300F0040E9E44AA7282EB345F89CF51
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph (image not reproduced)
APIs
• RegGetValueA.KERNELBASE(80000002,?,?,0001FFFF,?,?,00000104), ref: 005F49F0
• GetComputerNameExA.KERNELBASE(00000002,?,00000104), ref: 005F4A5C
• LsaOpenPolicy.ADVAPI32(00000000,00697684,00000001,?), ref: 005F4AB5
• LsaQueryInformationPolicy.ADVAPI32(?,0000000C,?), ref: 005F4AC8
• LsaFreeMemory.ADVAPI32(?), ref: 005F4AF6
• LsaClose.ADVAPI32(?), ref: 005F4AFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: Policy$CloseComputerFreeInformationMemoryNameOpenQueryValue
• String ID: %wZ
• API String ID: 762890658-705104578
• Opcode ID: 3c1f3f741268781990df89175224978091475749993d7f59a88df4f537162ef3
• Instruction ID: 81237a64dc987a5c7bf4adb04f2124f908add5fe2639c0848997098f5392b416
• Opcode Fuzzy Hash: 3c1f3f741268781990df89175224978091475749993d7f59a88df4f537162ef3
• Instruction Fuzzy Hash: 7BE1F2B4D0425A9BDB14CF98C986BEEBBB5FF08304F204199EA49B7341D7705A84CFA5
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph (image not reproduced)
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cef4e7d6d23022ec4c0bd4e3701c458dfe323b63ad92a36f2c46e89fbf5aeae1
• Instruction ID: 2d5a5efa4d019733597b49920023b2ee80e93cbf42ebeb5d75da04f5938f671a
• Opcode Fuzzy Hash: cef4e7d6d23022ec4c0bd4e3701c458dfe323b63ad92a36f2c46e89fbf5aeae1
• Instruction Fuzzy Hash: 8BB138B0A04246AFDB01DF98C8A5BBE7FB5BF85312F14055BEC04AB291CB709D49CB64
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph (image not reproduced)
                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 13040 5e6b20-5e6b58 GetLastError 13041 5e6b5e-5e6b71 13040->13041 13042 5e6c99-5e6cb1 CopyFileA 13040->13042 13045 5e6b74-5e6b79 13041->13045 13043 5e6cf3-5e6d05 13042->13043 13044 5e6cb3-5e6cb8 GetLastError 13042->13044 13046 5e6cdf-5e6cf2 13044->13046 13047 5e6cba-5e6cbc call 5f7760 13044->13047 13045->13045 13048 5e6b7b-5e6bda call 539070 call 5459b0 6E837CF0 13045->13048 13051 5e6cc1-5e6cde CopyFileA 13047->13051 13055 5e6c74-5e6c93 SetLastError call 5288d0 13048->13055 13056 5e6be0-5e6c1b call 525eb0 13048->13056 13055->13042 13063 5e6c1d-5e6c43 13056->13063 13064 5e6c62-5e6c6f call 5288d0 13056->13064 13067 5e6c4d-5e6c51 13063->13067 13068 5e6c45-5e6c4b 13063->13068 13064->13055 13067->13064 13069 5e6c53-5e6c60 13067->13069 13068->13064 13068->13067 13069->13064
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 005E6B53
                                                                                                                                        • 6E837CF0.RSTRTMGR(?,00000000,?), ref: 005E6BD0
                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 005E6C7E
                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000000), ref: 005E6CA5
                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000), ref: 005E6CB3
                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000000), ref: 005E6CC7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: ErrorLast$CopyFile$E837
• String ID:
• API String ID: 1618156657-0
• Opcode ID: 94872c8a2fe7a52790506553510da64dfbcca8efeae606f1e7505d86dcc8d3fa
• Instruction ID: 0ecb7397193c81df33cfa16276874e8ff1e218780e05553ea1c65ccb257a2ad3
• Opcode Fuzzy Hash: 94872c8a2fe7a52790506553510da64dfbcca8efeae606f1e7505d86dcc8d3fa
• Instruction Fuzzy Hash: 2051CF72D01219ABDB11CFA4DC44BEEBBB9FF49360F10026AE948B7290D7756E05CB90
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 13353 519280-5192dd call 5263b0 13356 519413-519521 call 512df0 call 5fa3a0 13353->13356 13357 5192e3-5192e9 13353->13357 13371 519523-519535 13356->13371 13372 519537-51953f call 528dc0 13356->13372 13358 5192f0-519313 13357->13358 13360 519315-51931f 13358->13360 13361 519324-519331 13358->13361 13363 519403-519406 13360->13363 13364 519333-51933d 13361->13364 13365 519342-51934f 13361->13365 13367 519409-51940d 13363->13367 13364->13363 13368 519351-51935b 13365->13368 13369 519360-51936d 13365->13369 13367->13356 13367->13358 13368->13363 13373 51936f-519379 13369->13373 13374 51937e-51938b 13369->13374 13377 519544-519597 call 5fa3a0 * 2 13371->13377 13372->13377 13373->13363 13375 519399-5193a6 13374->13375 13376 51938d-519397 13374->13376 13379 5193b4-5193c1 13375->13379 13380 5193a8-5193b2 13375->13380 13376->13363 13390 519599-5195c8 call 5fa3a0 call 545270 13377->13390 13391 5195cb-5195e1 call 5fa3a0 13377->13391 13382 5193c3-5193cd 13379->13382 13383 5193cf-5193dc 13379->13383 13380->13363 13382->13363 13385 5193ea-5193f4 13383->13385 13386 5193de-5193e8 13383->13386 13385->13367 13389 5193f6-5193ff 13385->13389 13386->13363 13389->13363 13390->13391 13396 5196e2 13391->13396 13397 5195e7-5195ed 13391->13397 13400 5196e6-5196f0 13396->13400 13399 5195f0-5196ce GetModuleHandleA GetProcAddress WSASend 13397->13399 13402 5196d4-5196dc 13399->13402 13403 51975f-519763 13399->13403 13404 5196f2-5196fe 13400->13404 13405 51971e-51973d 13400->13405 13402->13396 13402->13399 13403->13400 13406 519700-51970e 13404->13406 13407 519714-51971b call 5438f3 13404->13407 13408 51976f-519796 13405->13408 13409 51973f-51974b 13405->13409 13406->13407 13410 519797-5197fe call 548c70 call 512df0 * 2 13406->13410 13407->13405 13412 519765-51976c call 5438f3 13409->13412 13413 51974d-51975b 13409->13413 13412->13408 13413->13410 13417 51975d 13413->13417 13417->13412
APIs
• GetModuleHandleA.KERNEL32(Ws2_32.dll), ref: 005196A6
• GetProcAddress.KERNEL32(00000000,?), ref: 005196B4
• WSASend.WS2_32(?,?,00000001,?,00000000,00000000,00000000), ref: 005196C9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: AddressHandleModuleProcSend
• String ID: Ws2_32.dll
• API String ID: 2819740048-3093949381
• Opcode ID: a1df515680ca72104b65961309b7e5207060236a130f4674961564f596a93e52
• Instruction ID: e9688f173af97c56434658ff548cc2e6b35165d9ff55cbd080145a3efe56f1d8
• Opcode Fuzzy Hash: a1df515680ca72104b65961309b7e5207060236a130f4674961564f596a93e52
• Instruction Fuzzy Hash: 3B02BC70D04298DEEF25CFA4C8A07EDBFB0FF55714F244289E4866B286D7741986CB92
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 13487 5a3ae0-5a3d11 call 5523ec call 5459b0 call 5523ec call 5459b0 RegOpenKeyExA 13496 5a3e9b-5a3eaf 13487->13496 13497 5a3d17-5a3d3f RegQueryValueExA RegCloseKey 13487->13497 13497->13496 13498 5a3d45-5a3d54 13497->13498 13499 5a3d57-5a3d5c 13498->13499 13499->13499 13500 5a3d5e-5a3d93 call 513040 13499->13500 13503 5a3d99-5a3df4 call 513040 call 545270 13500->13503 13504 5a3eb0 call 529e60 13500->13504 13513 5a3e21-5a3e49 call 551c96 13503->13513 13514 5a3df6-5a3e01 13503->13514 13508 5a3eb5 call 548c70 13504->13508 13512 5a3eba-5a3ebf call 548c70 13508->13512 13522 5a3e4b-5a3e57 13513->13522 13523 5a3e73-5a3e9a 13513->13523 13516 5a3e03-5a3e11 13514->13516 13517 5a3e17-5a3e1e call 5438f3 13514->13517 13516->13508 13516->13517 13517->13513 13525 5a3e69-5a3e70 call 5438f3 13522->13525 13526 5a3e59-5a3e67 13522->13526 13525->13523 13526->13512 13526->13525
APIs
• RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00000001,?), ref: 005A3D09
• RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,?), ref: 005A3D2C
• RegCloseKey.ADVAPI32(?), ref: 005A3D37
Strings
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                         • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                        • String ID: 21o
                                                                                                                                        • API String ID: 3677997916-1934072765
                                                                                                                                        • Opcode ID: 85cb9407d3d6d96c1fd092e0460e457e248db2d76f514b7837bb07978aa0f6de
                                                                                                                                        • Instruction ID: 637f96a0f2dfdd02f2e00ae3fa22f310c2d971794eb3843587c8e5df3f648557
                                                                                                                                        • Opcode Fuzzy Hash: 85cb9407d3d6d96c1fd092e0460e457e248db2d76f514b7837bb07978aa0f6de
                                                                                                                                        • Instruction Fuzzy Hash: FDC147B1D0420A9BDB14CFA8C986BEEBBB5FF48314F204159E905B7391D7356A84CFA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 005F6C20: GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
                                                                                                                                          • Part of subcall function 005F6C20: GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
                                                                                                                                          • Part of subcall function 005F6B90: CreateDirectoryA.KERNELBASE(?,00000000,00000005), ref: 005F6BD5
                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00575C30
                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 00575F55
                                                                                                                                          • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CCF
                                                                                                                                          • Part of subcall function 005F6C20: std::_Throw_Cpp_error.LIBCPMT ref: 005F6CE0
                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 00575E46
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateDirectory$Cpp_errorThrow_std::_$AttributesErrorFileLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 453214671-0
                                                                                                                                        • Opcode ID: 6008f6087078a295ea4dbf323955027255635a06f80f0a06bfc73e50a506274b
                                                                                                                                        • Instruction ID: a9a6086eb6d4933dfcd5eac5cbdc576e87fd944455c7ebbb3cbcdc1f0f261725
                                                                                                                                        • Opcode Fuzzy Hash: 6008f6087078a295ea4dbf323955027255635a06f80f0a06bfc73e50a506274b
                                                                                                                                        • Instruction Fuzzy Hash: 7553BCB4D052698BDB65DF14D994BEDBBB4BF89300F0081E9A44EA7291DB342F84DF81
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesA.KERNELBASE(?,?,?,00570384), ref: 005F6C7C
                                                                                                                                        • GetLastError.KERNEL32(?,?,00570384), ref: 005F6C87
                                                                                                                                        • std::_Throw_Cpp_error.LIBCPMT ref: 005F6CCF
                                                                                                                                        • std::_Throw_Cpp_error.LIBCPMT ref: 005F6CE0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Cpp_errorThrow_std::_$AttributesErrorFileLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 995686243-0
                                                                                                                                        • Opcode ID: 74322d1c2a51bf743665007a425c2ab5c9b4e0877df42998488c169cd3634ada
                                                                                                                                        • Instruction ID: 59eeb61d8f005eac00d049d987ad4dd1057c3a3ab025b4274c05fdfaa4c6062e
                                                                                                                                        • Opcode Fuzzy Hash: 74322d1c2a51bf743665007a425c2ab5c9b4e0877df42998488c169cd3634ada
                                                                                                                                        • Instruction Fuzzy Hash: 02119B7090020996CF245F6CA8197B93F59FB42B24F200319E1F28BAC0CB354C018662
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000000), ref: 005E69A0
                                                                                                                                          • Part of subcall function 005E6B20: GetLastError.KERNEL32(?,00000000), ref: 005E6B53
                                                                                                                                          • Part of subcall function 005E6B20: 6E837CF0.RSTRTMGR(?,00000000,?), ref: 005E6BD0
                                                                                                                                        • std::_Throw_Cpp_error.LIBCPMT ref: 005E6B04
                                                                                                                                        • std::_Throw_Cpp_error.LIBCPMT ref: 005E6B15
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Cpp_errorThrow_std::_$CopyE837ErrorFileLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1216363052-0
                                                                                                                                        • Opcode ID: b77c5723c9e12aa8fc19540f1c65474100c057368df91f022a3c53006084b89c
                                                                                                                                        • Instruction ID: 8a706682ad7291f0e4087cd3dcbedadb2854d25b146846b2b5fefc58c438e2ac
                                                                                                                                        • Opcode Fuzzy Hash: b77c5723c9e12aa8fc19540f1c65474100c057368df91f022a3c53006084b89c
                                                                                                                                        • Instruction Fuzzy Hash: CDD19AB0C00249DBDB04CFA8D9457EEBFB1BF55304F248199D445B7282EB755B89CBA2
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,00000005), ref: 005F6BD5
                                                                                                                                          • Part of subcall function 00542BAA: RtlReleaseSRWLockExclusive.NTDLL(005F6CB0), ref: 00542BBE
                                                                                                                                        • std::_Throw_Cpp_error.LIBCPMT ref: 005F6C04
                                                                                                                                        • std::_Throw_Cpp_error.LIBCPMT ref: 005F6C15
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Cpp_errorThrow_std::_$CreateDirectoryExclusiveLockRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1881651058-0
                                                                                                                                        • Opcode ID: e83721b2111301c0dc9bd5bc5d5c7dda343804fba7fdfa502c609e690aa4daa4
                                                                                                                                        • Instruction ID: 016421f57e6342e438bdebb394b960c475a68fe1763e3df387711dfd2b62eac6
                                                                                                                                        • Opcode Fuzzy Hash: e83721b2111301c0dc9bd5bc5d5c7dda343804fba7fdfa502c609e690aa4daa4
                                                                                                                                        • Instruction Fuzzy Hash: D4F021B0900215ABD7109F9CAD0ABAA7BEDE745B24F10032DF8358B7C0E7B10C0186A6
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • DeleteFileW.KERNELBASE(?,?,0054D2B1,?), ref: 0055B9D8
                                                                                                                                        • GetLastError.KERNEL32(?,0054D2B1,?), ref: 0055B9E2
                                                                                                                                        • __dosmaperr.LIBCMT ref: 0055B9E9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: DeleteErrorFileLast__dosmaperr
• String ID:
• API String ID: 1545401867-0
• Opcode ID: 117bbeba483036820734d7ab10f45945daf08876440d6d3b84eed13a1ad215e1
• Instruction ID: 5af0c4999c8aabc0a90c70f34772a879c63e9a5a3a19ce694f5b00989054f664
• Opcode Fuzzy Hash: 117bbeba483036820734d7ab10f45945daf08876440d6d3b84eed13a1ad215e1
• Instruction Fuzzy Hash: E1D012326145097B9B006FF6FC0C9167F6DABC13757242612F92CC55A0DF71C8959654
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 005F580F
• GetVolumeInformationA.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 005F5B1B
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: DirectoryInformationVolumeWindows
• String ID:
• API String ID: 3487004747-0
• Opcode ID: 9d20b25aca0b562b4c638eac26170e83a9ccf30069abd37bad681dcb9f07a0f0
• Instruction ID: 7f40395c8f036389707ddd57930b37e08562f75d5518941a544fbcb93f93e607
• Opcode Fuzzy Hash: 9d20b25aca0b562b4c638eac26170e83a9ccf30069abd37bad681dcb9f07a0f0
• Instruction Fuzzy Hash: 8CF144B0D0024A9BDB14CFA8D985BEEFFB1BF48304F244259E545BB341E7756A84CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
• Part of subcall function 00558E9F: GetConsoleOutputCP.KERNEL32(52D829BA,00000000,00000000,0054D0C7), ref: 00558F02
• WriteFile.KERNELBASE(?,00000000,?,?,00000000,00000000,00000000,?,005F6DBC,?,0054CFE7,005F6DBC,?,00689E10,00000010,0054D0C7), ref: 0055990E
• GetLastError.KERNEL32(?,0054CFE7,005F6DBC,?,00689E10,00000010,0054D0C7,005F6DBC,?,00000000,?), ref: 00559918
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: ConsoleErrorFileLastOutputWrite
• String ID:
• API String ID: 2915228174-0
• Opcode ID: 6b9e2ad9af0d430db79250f61a7068e4444de1a2558a92840956ea2b5709f39b
• Instruction ID: 9d573acb762c39e1fece096802f22643ccd4f10b7253226453dd116ffc91a2ab
• Opcode Fuzzy Hash: 6b9e2ad9af0d430db79250f61a7068e4444de1a2558a92840956ea2b5709f39b
• Instruction Fuzzy Hash: 86618371D0411AEFDF118FA8C854AEEBFB9BF4A305F14054AED04A7256D73AD909CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
• std::_Throw_Cpp_error.LIBCPMT ref: 005E66EA
• std::_Throw_Cpp_error.LIBCPMT ref: 005E66FB
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_
• String ID:
• API String ID: 2134207285-0
• Opcode ID: 26e7919c2219cd9df0e5e5e0ec6b257f03437aa4c2d9061bbba23d2432fd1b35
• Instruction ID: 8ce65647308b31bb37e2e55134086b492d3b7062c57dbb84e7bece5ac38ef402
• Opcode Fuzzy Hash: 26e7919c2219cd9df0e5e5e0ec6b257f03437aa4c2d9061bbba23d2432fd1b35
• Instruction Fuzzy Hash: 214125719102419BCB24DF6CD84136EBBA6BB90350F18032EE855977C1E731DA04CBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00558CE6,00000000,CF830579,0068A178,0000000C,00558DA2,0054D07D,?), ref: 00558E55
• GetLastError.KERNEL32(?,00558CE6,00000000,CF830579,0068A178,0000000C,00558DA2,0054D07D,?), ref: 00558E5F
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: ChangeCloseErrorFindLastNotification
• String ID:
• API String ID: 1687624791-0
• Opcode ID: ad16ea17232cba6c567406ed8964cec37c0707efd2af2b06bebf4af33d0e385e
• Instruction ID: 08827329d45a877a00863b86c7863eae774b62ee0139380a7bf0a360df2b68c0
• Opcode Fuzzy Hash: ad16ea17232cba6c567406ed8964cec37c0707efd2af2b06bebf4af33d0e385e
• Instruction Fuzzy Hash: 9D116B336041205AC7292B34AC6B77E2F6D7BC2736F28061BFD18AB1D2DF709C898251
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFilePointerEx.KERNELBASE(00000000,00000000,0054D0C7,00000000,00000002,00000000,00000000,00000000,00000000,?,00552656,00000000,00000000,0054D0C7,00000002,00000000), ref: 00552558
• GetLastError.KERNEL32(00000000,?,00552656,00000000,00000000,0054D0C7,00000002,00000000,?,0055982E,00000000,00000000,00000000,00000002,0054D0C7,00000000), ref: 00552565
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
• Opcode ID: d8a9c3aa90bb28c7b555802be29151dee89e1e302d6a2e292f86316cc030cfe7
• Instruction ID: 34337c62868199ae917531a54ac60d4d13f50c8a82ba12f9ae8867fc2f5c5894
• Opcode Fuzzy Hash: d8a9c3aa90bb28c7b555802be29151dee89e1e302d6a2e292f86316cc030cfe7
• Instruction Fuzzy Hash: 2001C432610115AFCF098F69DC6599E7F6AFB86321F24020AFC119B2A1F671EA458B90
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlFreeHeap.NTDLL(00000000,00000000,?,00561B48,?,00000000,?,?,00561DE9,?,00000007,?,?,005622DD,?,?), ref: 0055B030
• GetLastError.KERNEL32(?,?,00561B48,?,00000000,?,?,00561DE9,?,00000007,?,?,005622DD,?,?), ref: 0055B03B
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: cb7f847d4cfacb38d04c5b136674218a82e6e602c1c1b30debe263cf635f7ae7
• Instruction ID: e6835364e06adb8549f2fb2f711601fb74eedf72ac2e5402708d86e252257af7
• Opcode Fuzzy Hash: cb7f847d4cfacb38d04c5b136674218a82e6e602c1c1b30debe263cf635f7ae7
• Instruction Fuzzy Hash: 82E08632500604A7DB112FA4EC1CB953F5ABF40752F04802AFB18974F0D7748954C794
Uniqueness
Uniqueness Score: -1.00%
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 46ae3d1b002459f3624128ab5bf0eb385aa24a504f55982e8060207ea67d8849
• Instruction ID: c21bf4935ce09ecff83279ec0fd48f9b736b5c371c655b487409418f58b1ecec
• Opcode Fuzzy Hash: 46ae3d1b002459f3624128ab5bf0eb385aa24a504f55982e8060207ea67d8849
• Instruction Fuzzy Hash: 2202BD70D04248DADF20DFA8C9497EDBFB1BF55304F14419AD8096B382DBB55E88DBA2
Uniqueness
Uniqueness Score: -1.00%
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 0052546E
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
• Opcode ID: 4d5201c289b3c3040b027bd4a197651dc70e2d2533358aeb2ef63f65c24b222e
• Instruction ID: 702c6b1fd44f3db0b2e36eb6ce12a6c4d8cbfbd6696458ec93efa817f3073b2a
• Opcode Fuzzy Hash: 4d5201c289b3c3040b027bd4a197651dc70e2d2533358aeb2ef63f65c24b222e
• Instruction Fuzzy Hash: 1A6186B1A00625DFCB10DF59C984BAAFBF4FF89310F24816AE4199B391D775EA41CB90
Uniqueness
Uniqueness Score: -1.00%
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 005339F6
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 118556049-0
                                                                                                                                        • Opcode ID: 0f8dfdcd281579d8485e49bce36b49e61922858251978af35ded1cd305ca0d14
                                                                                                                                        • Instruction ID: 43bc68ab6aee992c7334bf453d9e506c1e0520e107e391469ae9848b1e578dca
                                                                                                                                        • Opcode Fuzzy Hash: 0f8dfdcd281579d8485e49bce36b49e61922858251978af35ded1cd305ca0d14
                                                                                                                                        • Instruction Fuzzy Hash: 0F51B672A001059FCB14DF6CDD86A9DBFA6BB89300F14462EE405E77E5D771EA00CBA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%
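The Memory Dump Source list of each function record names every dump file with eight dot-separated hexadecimal fields. The script below is an added triage example, not code from Joe Sandbox or from this report: it splits those names into fields and decodes the fifth field as a Win32 page protection. That reading is an assumption, but it is consistent with every region on this page (0x02 PAGE_READONLY at the PE header 0x510000, 0x20 PAGE_EXECUTE_READ at the code section 0x511000, 0x04 PAGE_READWRITE at 0x695000, and 0x40 PAGE_EXECUTE_READWRITE for the 0x6C4000 to 0x8AD000 regions). The meaning assigned to the other fields (process index, stage, dump identifier, memory type) is likewise assumed; the winnt.h constant values are fixed, and the names in DUMP_NAMES are copied from the list above. Writable-plus-executable regions inside an image-mapped range are where unpacked or self-modifying code tends to sit, so they are the dumps worth loading first.

```python
"""Decode Joe Sandbox .sdmp dump-file names and flag RWX regions.

Added example, not part of the report. Field layout is assumed from the
names listed on the page; only the base-address and protection fields are
relied on for the RWX check.
"""
import re
from dataclasses import dataclass
from typing import List

# Win32 page-protection constants from winnt.h (fixed values, not assumptions).
PAGE_NOACCESS = 0x01
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100
PAGE_NOCACHE = 0x200
PAGE_WRITECOMBINE = 0x400
MEM_IMAGE = 0x1000000

_BASE_PROT = {
    PAGE_NOACCESS: "PAGE_NOACCESS", PAGE_READONLY: "PAGE_READONLY",
    PAGE_READWRITE: "PAGE_READWRITE", PAGE_WRITECOPY: "PAGE_WRITECOPY",
    PAGE_EXECUTE: "PAGE_EXECUTE", PAGE_EXECUTE_READ: "PAGE_EXECUTE_READ",
    PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
    PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY",
}
_MODIFIERS = [(PAGE_GUARD, "PAGE_GUARD"), (PAGE_NOCACHE, "PAGE_NOCACHE"),
              (PAGE_WRITECOMBINE, "PAGE_WRITECOMBINE")]
_WRITABLE = {PAGE_READWRITE, PAGE_WRITECOPY, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
_EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Dump names copied from the Memory Dump Source list on this page (a subset).
DUMP_NAMES = [
    "00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp",
]

# Assumed layout: proc.stage.dumpid.base(16 hex).protection.f6.memtype.f8.sdmp
_NAME_RE = re.compile(
    r"^([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]+)\.([0-9A-Fa-f]{16})"
    r"\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    process_index: int   # field 1: assumed index of the analysed process
    stage: int           # field 2: assumed analysis stage that produced the dump
    dump_id: str         # field 3: assumed per-dump identifier, kept as text
    base: int            # field 4: region base address
    protection: int      # field 5: Win32 page protection of the region
    mem_type: int        # field 7: equals MEM_IMAGE for every region on the page

    @property
    def writable(self) -> bool:
        return (self.protection & 0xFF) in _WRITABLE

    @property
    def executable(self) -> bool:
        return (self.protection & 0xFF) in _EXECUTABLE


def parse_dump_name(name: str) -> DumpRegion:
    """Split one .sdmp name into its fields; raise ValueError on anything else."""
    m = _NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a recognised .sdmp name: {name!r}")
    proc, stage, dump_id, base, prot, _f6, mtype, _f8 = m.groups()
    return DumpRegion(name=name.strip(), process_index=int(proc, 16), stage=int(stage, 16),
                      dump_id=dump_id, base=int(base, 16), protection=int(prot, 16),
                      mem_type=int(mtype, 16))


def protection_name(prot: int) -> str:
    """Render a protection value with winnt.h names, e.g. 0x104 -> PAGE_READWRITE|PAGE_GUARD."""
    parts = [_BASE_PROT.get(prot & 0xFF, f"0x{prot & 0xFF:02X}")]
    parts += [label for flag, label in _MODIFIERS if prot & flag]
    return "|".join(parts)


def rwx_bases(names: List[str]) -> List[int]:
    """Base addresses of every region that was writable and executable at dump time."""
    regions = [parse_dump_name(n) for n in names]
    return sorted(r.base for r in regions if r.writable and r.executable)


def triage(names: List[str]) -> List[str]:
    """One line per dump: base address, decoded protection, and an RWX marker."""
    lines = []
    for r in (parse_dump_name(n) for n in names):
        mark = "  <-- RWX, load first" if r.writable and r.executable else ""
        lines.append(f"{r.base:#010x}  {protection_name(r.protection):<24}{mark}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(DUMP_NAMES)))
```

Run against the eight names embedded above, triage() marks 0x6C4000, 0x829000 and 0x8AD000 as RWX while the PE header, code and data sections decode to the protections a normally mapped image would have; extending DUMP_NAMES to the full list on the page works the same way.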

Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 739e8e26df62ddf78eca7d5901fed8d45cdd2a5412f17f31db73c567b810a6f0
• Instruction ID: 13516aa4064addd5dd8b4871e2f5cc79ecbc92ed27581f98d347c1597afe07f1
• Opcode Fuzzy Hash: 739e8e26df62ddf78eca7d5901fed8d45cdd2a5412f17f31db73c567b810a6f0
• Instruction Fuzzy Hash: 5151B470A00104BFDB14DF58C885AFE7FA6FF89328F248559F8199B252D7719E45CB90
Uniqueness
• Uniqueness Score: -1.00%

APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 00539F7B
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
• Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
• Opcode ID: 1df2a4e0321bcc3962d966937d0a8797df2650a6bfd600e0de5b01625875f71d
• Instruction ID: 7411e1b32257a9a667c2f337ab4633889a4ba6212b7f0c24c1d0cba3c4fb9e38
• Opcode Fuzzy Hash: 1df2a4e0321bcc3962d966937d0a8797df2650a6bfd600e0de5b01625875f71d
• Instruction Fuzzy Hash: 4641B1B2E001169FCB14DF68C9459AEBFB9FB89350F24422AE815E7385D7709E018BE0
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: __fread_nolock
• String ID:
• API String ID: 2638373210-0
• Opcode ID: e12a3896d419e91a9cf9cdd27e3c117f633fccc464fcb6a6aaf0fcf6022293ad
• Instruction ID: 6878476ff8a5410005d3548826e35be009f1cc02d1b4a03145e344e2edafdfe0
• Opcode Fuzzy Hash: e12a3896d419e91a9cf9cdd27e3c117f633fccc464fcb6a6aaf0fcf6022293ad
• Instruction Fuzzy Hash: 93515AB0D042499BDB20DF98D986BAEFBB4FF48714F10051DE9416B381E7756A44CBE2
Uniqueness
• Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
Similarity
• API ID: __fread_nolock
• String ID:
• API String ID: 2638373210-0
• Opcode ID: d128d083c46abeaddbe8b8fce8b74388853f8170a5075aadd41334301dbe3310
• Instruction ID: 68d241be53fb0b52a6533b00008fe5e3fd339b99bbb7de938827d1e2f00b92bb
• Opcode Fuzzy Hash: d128d083c46abeaddbe8b8fce8b74388853f8170a5075aadd41334301dbe3310
• Instruction Fuzzy Hash: C9415DB1D00209DFDB00DF98D886BEEBBB4FF49714F104159E815AB381E7799A05CBA1
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ___std_fs_directory_iterator_open@12.LIBCPMT ref: 00516908
Memory Dump Source
• Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___std_fs_directory_iterator_open@12
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 29801545-0
                                                                                                                                        • Opcode ID: 1370f7c0bea0b7a2ba59976b2b0da8fe397391f6ad7d60f70a1129d100700c99
                                                                                                                                        • Instruction ID: 033e39f9363dd1ddbc17f34d2a4fdb225e6a0564efe34d9808ebd01752d0609a
                                                                                                                                        • Opcode Fuzzy Hash: 1370f7c0bea0b7a2ba59976b2b0da8fe397391f6ad7d60f70a1129d100700c99
                                                                                                                                        • Instruction Fuzzy Hash: 1F218F76E00619ABDB14DF48D845BEEBBB4FB84321F00066AEC19A3780DB356D45C7D0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • SetupDiGetClassDevsA.SETUPAPI(0066D560,00000000,00000000), ref: 005F5CC7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClassDevsSetup
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2330331845-0
                                                                                                                                        • Opcode ID: 5dd6e15f4d092d90458ebdafb03755f43c69e8d6058d29e0469f6d62703f4ea6
                                                                                                                                        • Instruction ID: ae2329e3176f0b4e2b39932984703fc64572ea9945d9a1ea15ed1055c59e6749
                                                                                                                                        • Opcode Fuzzy Hash: 5dd6e15f4d092d90458ebdafb03755f43c69e8d6058d29e0469f6d62703f4ea6
                                                                                                                                        • Instruction Fuzzy Hash: FA11ACB0E04B489BD7208F18D90671ABFE4EB05B24F10471DE951977C1E7BA6A4487D2
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0051331F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000086E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000870000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000872000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000876000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000878000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000087C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2275588421.0000000000A16000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 118556049-0
                                                                                                                                        • Opcode ID: 6b439644f511b7bf5bd0b924e2b63d29697b7510f9c6a7035d7f710025fe36b7
                                                                                                                                        • Instruction ID: 2cc3261da65f61b633e98fe160c119c1012d0b147544b8a280355000225f5499
                                                                                                                                        • Opcode Fuzzy Hash: 6b439644f511b7bf5bd0b924e2b63d29697b7510f9c6a7035d7f710025fe36b7
                                                                                                                                        • Instruction Fuzzy Hash: 0DF024321001029BEB146F60D4294E9BBE8FF64361750087AE89CC7222EB26DA80C780
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • RtlReAllocateHeap.NTDLL(00000000,?,?,?), ref: 0055BA55
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.2272792458.0000000000510000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273006003.0000000000695000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273029672.000000000069A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273063249.00000000006B1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273088788.00000000006B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273112638.00000000006B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.00000000006C4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.000000000082F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000831000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000833000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000837000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.2273138885.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00516853
                                                                                                                                          • Part of subcall function 00541F7B: FindNextFileW.KERNELBASE(?,?,?,00516858,?,?,?,?,0051691A,?,?,?,00000000,?,?), ref: 00541F84
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileFindNext___std_fs_directory_iterator_advance@8
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3878998205-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2272822880.0000000000511000.00000020.00000001.01000000.00000003.sdmp, Offset: 00510000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_510000_bUHMq54m6Q.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog3
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 431132790-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%