Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe

Overview

General Information

Sample name:T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
renamed because original name is a hash value
Original sample name:TBTAK SAGE TEKLF TALEP VE FYAT TEKLF sxlx..exe
Analysis ID:1446501
MD5:456442e5615445a54f15eae38140c50a
SHA1:f81074ce9855601a33b97fb357fbee1bbdd7fcf6
SHA256:0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5
Tags:exe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to log keystrokes (.Net Source)
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses SMTP (mail sending)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "cp8nl.hyperhost.ua", "Username": "royallog@fibraunollc.top", "Password": " 7213575aceACE@#$  "}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
    T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeINDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMDDetects Windows exceutables bypassing UAC using CMSTP utility, command line and INFditekSHen
    • 0x14fa04:$s2: taskkill /IM cmstp.exe /F
    • 0x14f936:$s5: RunPreSetupCommands=RunPreSetupCommandsSection
    • 0x14fafa:$s6: "HKLM", "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CMMGR32.EXE", "ProfileInstallPath", "%UnexpectedError%", ""

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
      C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeINDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMDDetects Windows exceutables bypassing UAC using CMSTP utility, command line and INFditekSHen
      • 0x14fa04:$s2: taskkill /IM cmstp.exe /F
      • 0x14f936:$s5: RunPreSetupCommands=RunPreSetupCommandsSection
      • 0x14fafa:$s6: "HKLM", "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CMMGR32.EXE", "ProfileInstallPath", "%UnexpectedError%", ""

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            00000003.00000002.3233652969.00000000032B9000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              00000000.00000000.1972524893.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
                Click to see the 12 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                3.2.jsc.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  3.2.jsc.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    3.2.jsc.exe.400000.0.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                    • 0x334e7:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x33559:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x335e3:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x33675:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x336df:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x33751:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x337e7:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x33877:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                        Click to see the 18 entries

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: Suspicious Outbound SMTP Connections
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 185.174.175.187, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe, Initiated: true, ProcessId: 6368, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49704

                        Snort Signatures

                        No Snort rule has matched

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Found malware configuration
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "cp8nl.hyperhost.ua", "Username": "royallog@fibraunollc.top", "Password": " 7213575aceACE@#$ "}
                        Multi AV Scanner detection for dropped file
                        Source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeReversingLabs: Detection: 36%
                        Source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeVirustotal: Detection: 28%Perma Link
                        Multi AV Scanner detection for submitted file
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeReversingLabs: Detection: 36%
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeVirustotal: Detection: 28%Perma Link
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.0% probability

                        Exploits

                        barindex
                        Yara detected UAC Bypass using CMSTP
                        Source: Yara matchFile source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: SAMPLE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.0.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000000.1972524893.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe PID: 6548, type: MEMORYSTR
                        Source: Yara matchFile source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: DROPPED
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: global trafficTCP traffic: 192.168.2.5:49704 -> 185.174.175.187:587
                        Source: Joe Sandbox ViewIP Address: 185.174.175.187 185.174.175.187
                        Source: Joe Sandbox ViewASN Name: ITLDC-NLUA ITLDC-NLUA
                        Source: global trafficTCP traffic: 192.168.2.5:49704 -> 185.174.175.187:587
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: global trafficDNS traffic detected: DNS query: cp8nl.hyperhost.ua
                        Source: jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cp8nl.hyperhost.ua
                        Source: jsc.exe, 00000003.00000002.3233070835.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                        Source: jsc.exe, 00000003.00000002.3235153161.0000000006680000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                        Source: jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
                        Source: jsc.exe, 00000003.00000002.3233070835.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                        Source: jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidX
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameX
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drString found in binary or memory: https://aka.ms/dotnet-warnings/
                        Source: jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0

                        Key, Mouse, Clipboard, Microphone and Screen Capturing

                        barindex
                        Contains functionality to log keystrokes (.Net Source)
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, hxAF.cs.Net Code: gcE
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, hxAF.cs.Net Code: gcE

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: SAMPLEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen
                        Source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.0.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.2.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen
                        Source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: DROPPEDMatched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3405600_2_00007FF77C340560
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C328F500_2_00007FF77C328F50
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C33C1600_2_00007FF77C33C160
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C33EB100_2_00007FF77C33EB10
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C338D400_2_00007FF77C338D40
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3436000_2_00007FF77C343600
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C32FDA00_2_00007FF77C32FDA0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3427000_2_00007FF77C342700
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C337F100_2_00007FF77C337F10
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C317EC00_2_00007FF77C317EC0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C343F700_2_00007FF77C343F70
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3237200_2_00007FF77C323720
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3357F00_2_00007FF77C3357F0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C32F7F40_2_00007FF77C32F7F4
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3418000_2_00007FF77C341800
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3330100_2_00007FF77C333010
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3348900_2_00007FF77C334890
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3388C00_2_00007FF77C3388C0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3340D00_2_00007FF77C3340D0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3329340_2_00007FF77C332934
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3269D00_2_00007FF77C3269D0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3369D00_2_00007FF77C3369D0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3489D00_2_00007FF77C3489D0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C322A600_2_00007FF77C322A60
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3422900_2_00007FF77C342290
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C32E2F00_2_00007FF77C32E2F0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C33F3600_2_00007FF77C33F360
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C33DC300_2_00007FF77C33DC30
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_01769BE23_2_01769BE2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_01764A983_2_01764A98
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_0176CDA83_2_0176CDA8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_01763E803_2_01763E80
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_017641C83_2_017641C8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_065256F03_2_065256F0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_06523F603_2_06523F60
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_0652DD103_2_0652DD10
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_0652BD183_2_0652BD18
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_06522AF83_2_06522AF8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_06528BA33_2_06528BA3
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_065200403_2_06520040
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_065232533_2_06523253
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 3_2_065250103_2_06525010
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: String function: 00007FF77C319B60 appears 51 times
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeBinary or memory string: OriginalFilename vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFunc6DeclareLocal.dllD vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamec25e7689-8eb9-43a0-830e-91b697d7907d.exe4 vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFunc6DeclareLocal.dllD vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeBinary or memory string: OriginalFilenameFunc6DeclareLocal.dllD vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drBinary or memory string: OriginalFilenameFunc6DeclareLocal.dllD vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: SAMPLEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF
                        Source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.0.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF
                        Source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, N43UVggPg.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, N43UVggPg.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, Ow96S4wT.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, Ow96S4wT.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, Ow96S4wT.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, Ow96S4wT.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, MjzNdC.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, MjzNdC.csCryptographic APIs: 'TransformFinalBlock'
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@4/2@1/1
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C322890 LookupPrivilegeValueW,GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLargePageMinimum,VirtualAlloc,GetCurrentProcess,VirtualAllocExNuma,0_2_00007FF77C322890
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeFile created: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5972:120:WilError_03
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeReversingLabs: Detection: 36%
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeVirustotal: Detection: 28%
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeFile read: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe "C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe"
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeSection loaded: icu.dllJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: vaultcli.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: Image base 0x140000000 > 0x60000000
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic file information: File size 2070528 > 1048576
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: section name: .managed
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: section name: hydrated
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeStatic PE information: section name: _RDATA
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drStatic PE information: section name: .managed
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drStatic PE information: section name: hydrated
                        Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drStatic PE information: section name: _RDATA
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeFile created: \t#u00dcb#u0130tak sage tekl#u0130f talep ve f#u0130yat tekl#u0130f#u0130 sxlx..exe
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeFile created: \t#u00dcb#u0130tak sage tekl#u0130f talep ve f#u0130yat tekl#u0130f#u0130 sxlx..exe
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeFile created: \t#u00dcb#u0130tak sage tekl#u0130f talep ve f#u0130yat tekl#u0130f#u0130 sxlx..exeJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeFile created: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeJump to dropped file
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeFile created: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeJump to dropped file

                        Boot Survival

                        barindex
                        Drops PE files to the user root directory
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeFile created: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeMemory allocated: 286DCEF0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 1760000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 3240000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: 30A0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWindow / User API: threadDelayed 5216Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWindow / User API: threadDelayed 865Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -17524406870024063s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -100000s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 3176Thread sleep count: 5216 > 30Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -99875s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -99766s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -99641s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 3176Thread sleep count: 865 > 30Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -99530s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -99422s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -99313s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -99188s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -99063s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98938s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98828s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98719s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98594s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98484s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98374s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98262s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98141s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -98031s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97922s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97812s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97703s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97594s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97484s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97370s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97250s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97141s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -97016s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -96891s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -96781s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -96672s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3224C0 GetSystemInfo,GetNumaHighestNodeNumber,GetCurrentProcess,GetProcessGroupAffinity,GetLastError,GetCurrentProcess,GetProcessAffinityMask,0_2_00007FF77C3224C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 100000Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 99875Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 99766Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 99641Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 99530Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 99422Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 99313Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 99188Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 99063Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98938Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98828Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98719Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98594Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98484Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98374Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98262Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98141Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 98031Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97922Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97812Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97703Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97594Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97484Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97370Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97250Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97141Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 97016Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 96891Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 96781Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 96672Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: jsc.exe, 00000003.00000002.3235153161.0000000006640000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllErroM
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C3155C0 RtlAddVectoredExceptionHandler,0_2_00007FF77C3155C0
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C379808 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF77C379808
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Allocates memory in foreign processes
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 400000 protect: page execute and read and writeJump to behavior
                        Injects a PE file into a foreign processes
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 400000 value starts with: 4D5AJump to behavior
                        Writes to foreign memory regions
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 400000Jump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 402000Jump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 43C000Jump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 43E000Jump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 11FE008Jump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C315270 cpuid 0_2_00007FF77C315270
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exeCode function: 0_2_00007FF77C31DD30 GetSystemTimeAsFileTime,0_2_00007FF77C31DD30
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected AgentTesla
                        Source: Yara matchFile source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3233652969.00000000032B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3233652969.0000000003241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe PID: 6548, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: jsc.exe PID: 6368, type: MEMORYSTR
                        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                        Tries to harvest and steal ftp login credentials
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                        Tries to steal Mail credentials (via file / registry access)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                        Source: Yara matchFile source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3233652969.0000000003241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe PID: 6548, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: jsc.exe PID: 6368, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected AgentTesla
                        Source: Yara matchFile source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3233652969.00000000032B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000003.00000002.3233652969.0000000003241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe PID: 6548, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: jsc.exe PID: 6368, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                        Windows Management Instrumentation                        		1
                        DLL Side-Loading                        		1
                        DLL Side-Loading                        		1
                        Disable or Modify Tools                        		2
                        OS Credential Dumping                        		1
                        System Time Discovery                        		Remote Services11
                        Archive Collected Data                        		1
                        Encrypted Channel                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                        Access Token Manipulation                        		11
                        Deobfuscate/Decode Files or Information                        		1
                        Input Capture                        		1
                        File and Directory Discovery                        		Remote Desktop Protocol2
                        Data from Local System                        		1
                        Non-Standard Port                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)311
                        Process Injection                        		1
                        Obfuscated Files or Information                        		1
                        Credentials in Registry                        		36
                        System Information Discovery                        		SMB/Windows Admin Shares1
                        Email Collection                        		1
                        Non-Application Layer Protocol                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                        DLL Side-Loading                        		NTDS211
                        Security Software Discovery                        		Distributed Component Object Model1
                        Input Capture                        		11
                        Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script111
                        Masquerading                        		LSA Secrets1
                        Process Discovery                        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts141
                        Virtualization/Sandbox Evasion                        		Cached Domain Credentials141
                        Virtualization/Sandbox Evasion                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                        Access Token Manipulation                        		DCSync1
                        Application Window Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job311
                        Process Injection                        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe37%ReversingLabsWin64.Trojan.Generic
                        T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe28%VirustotalBrowse

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe37%ReversingLabsWin64.Trojan.Generic
                        C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe28%VirustotalBrowse

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        SourceDetectionScannerLabelLink
                        cp8nl.hyperhost.ua2%VirustotalBrowse

                        URLs

                        SourceDetectionScannerLabelLink
                        http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                        https://sectigo.com/CPS00%URL Reputationsafe
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid0%URL Reputationsafe
                        https://account.dyn.com/0%URL Reputationsafe
                        https://aka.ms/dotnet-warnings/0%URL Reputationsafe
                        http://ocsp.sectigo.com00%URL Reputationsafe
                        http://ocsp.sectigo.com00%URL Reputationsafe
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidX0%Avira URL Cloudsafe
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY0%Avira URL Cloudsafe
                        http://cp8nl.hyperhost.ua0%Avira URL Cloudsafe
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameX0%Avira URL Cloudsafe
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY0%VirustotalBrowse
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidX0%VirustotalBrowse
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameX0%VirustotalBrowse
                        http://cp8nl.hyperhost.ua2%VirustotalBrowse

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        cp8nl.hyperhost.ua
                        		185.174.175.187
                        		truetrueunknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidXT#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidYT#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        https://sectigo.com/CPS0jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidT#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exefalse
                        • URL Reputation: safe
                        		unknown
                        https://account.dyn.com/T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://aka.ms/dotnet-warnings/T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://ocsp.sectigo.com0jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameT#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://cp8nl.hyperhost.uajsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmpfalse
                        • 2%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameXT#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        185.174.175.187
                        		cp8nl.hyperhost.uaUkraine
                        		21100ITLDC-NLUAtrue

                        General Information

                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1446501
                        Start date and time:2024-05-23 15:12:07 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 5m 20s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:7
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                        renamed because original name is a hash value
                        Original Sample Name:TBTAK SAGE TEKLF TALEP VE FYAT TEKLF sxlx..exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.expl.evad.winEXE@4/2@1/1
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 56%
                        • Number of executed functions: 71
                        • Number of non-executed functions: 47
                        Cookbook Comments:
                        • Found application associated with file extension: .exe

                        Warnings

                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        09:12:52API Interceptor30x Sleep call for process: jsc.exe modified

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        185.174.175.187TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130sxlx..exeGet hashmaliciousAgentTeslaBrowse
                          TALEP VE F#U0130YAT TEKL#U0130F#U0130 FDP..exeGet hashmaliciousAgentTeslaBrowse
                            Unilever Unilever Sanayi ve Ticaret Turk AS Purchase Order PO11824729sxlx..exeGet hashmaliciousAgentTeslaBrowse
                              justificantes.scr.exeGet hashmaliciousAgentTeslaBrowse
                                TGPF4-MG-002_Material Requirement for Sour Service_A.scr.exeGet hashmaliciousAgentTeslaBrowse
                                  130 FDP..exeGet hashmaliciousAgentTeslaBrowse
                                    FACTURAS.scr.exeGet hashmaliciousAgentTeslaBrowse
                                      F#U0130YAT TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                        e-dekont_html.exeGet hashmaliciousAgentTeslaBrowse
                                          T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 _xlsx.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            cp8nl.hyperhost.uaTEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130sxlx..exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            TALEP VE F#U0130YAT TEKL#U0130F#U0130 FDP..exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            Unilever Unilever Sanayi ve Ticaret Turk AS Purchase Order PO11824729sxlx..exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            justificantes.scr.exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            TGPF4-MG-002_Material Requirement for Sour Service_A.scr.exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            130 FDP..exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            FACTURAS.scr.exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            F#U0130YAT TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            e-dekont_html.exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 _xlsx.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                            • 185.174.175.187

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            ITLDC-NLUATEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130sxlx..exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            1.exeGet hashmaliciousSmokeLoaderBrowse
                                            • 195.123.218.120
                                            TALEP VE F#U0130YAT TEKL#U0130F#U0130 FDP..exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            Unilever Unilever Sanayi ve Ticaret Turk AS Purchase Order PO11824729sxlx..exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            https://mt.tryd.pro/?utm_medium=5d539b8fe867f4649d0e7e9d483a8c0123849486&utm_campaign=Remnantnewtest&1=1Get hashmaliciousUnknownBrowse
                                            • 91.223.123.205
                                            CHNSoT10HG.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                            • 185.174.174.220
                                            justificantes.scr.exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            S9iJqTQS7q.exeGet hashmaliciousRedLineBrowse
                                            • 178.159.39.40
                                            TGPF4-MG-002_Material Requirement for Sour Service_A.scr.exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187
                                            130 FDP..exeGet hashmaliciousAgentTeslaBrowse
                                            • 185.174.175.187

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe

                                            Download File
                                            Process:C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                            Category:dropped
                                            Size (bytes):2070528
                                            Entropy (8bit):7.009704680519339
                                            Encrypted:false
                                            SSDEEP:24576:oynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52jOXuq01dKqOFWYuO:ZjN3CdJ81nEQhs30e1uqsrOFA
                                            MD5:456442E5615445A54F15EAE38140C50A
                                            SHA1:F81074CE9855601A33B97FB357FBEE1BBDD7FCF6
                                            SHA-256:0ECA094AC422E8D7B0B58532B5A1FB7A59B4CC6CB6BBE1EC49259EBF10522AE5
                                            SHA-512:B69F617E0DEB48AF12F230DCF016211F94EEA612F364357D84E96499F61B1BDC028CCA43BBFA7F8F169B2645F6F6D6F243671E4C10AB2080F9C5896B45BC8ED0
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, Author: Joe Security
                                            • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD, Description: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF, Source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, Author: ditekSHen
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 37%
                                            • Antivirus: Virustotal, Detection: 28%, Browse
                                            Reputation:low
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6c.IW._IW._IW._O..^EW._O..^XW._O..^gW._@/._GW._./.^BW._IW._IV._.+.^BW._.+.^.W._IW._KW._#..^HW._#.._HW._#..^HW._RichIW._........................PE..d...vsNf.........."....&............\..........@..............................%...........`..........................................y..X....y........!....... .L1............%.4...p...........................(...0...@...............x............................text............................... ..`.managedh....0....... .............. ..`hydrated.................................rdata..............................@..@.data............"...x..............@....pdata..L1.... ..2..................@..@_RDATA........!.....................@..@.rsrc.........!.....................@..@.reloc..4.....%.....................@..B........................................................................................................

                                            C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe:Zone.Identifier

                                            Download File
                                            Process:C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:modified
                                            Size (bytes):26
                                            Entropy (8bit):3.95006375643621
                                            Encrypted:false
                                            SSDEEP:3:ggPYV:rPYV
                                            MD5:187F488E27DB4AF347237FE461A079AD
                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                            Malicious:false
                                            Reputation:high, very likely benign file
                                            Preview:[ZoneTransfer]....ZoneId=0

                                            Static File Info

                                            General

                                            File type:PE32+ executable (console) x86-64, for MS Windows
                                            Entropy (8bit):7.009704680519339
                                            TrID:
                                            • Win64 Executable Console (202006/5) 92.65%
                                            • Win64 Executable (generic) (12005/4) 5.51%
                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                            • DOS Executable Generic (2002/1) 0.92%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                                            File size:2'070'528 bytes
                                            MD5:456442e5615445a54f15eae38140c50a
                                            SHA1:f81074ce9855601a33b97fb357fbee1bbdd7fcf6
                                            SHA256:0eca094ac422e8d7b0b58532b5a1fb7a59b4cc6cb6bbe1ec49259ebf10522ae5
                                            SHA512:b69f617e0deb48af12f230dcf016211f94eea612f364357d84e96499f61b1bdc028cca43bbfa7f8f169b2645f6f6d6f243671e4c10ab2080f9c5896b45bc8ed0
                                            SSDEEP:24576:oynjN3fi9dEoZR814OEQjls30eTFxmT4i8eMOq52jOXuq01dKqOFWYuO:ZjN3CdJ81nEQhs30e1uqsrOFA
                                            TLSH:78A5B005A3F801E4E46BC634C6599733D2B1B84A1734E58B0A5AD7822F73EE15BBF712
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6c.IW._IW._IW._O..^EW._O..^XW._O..^gW._@/._GW._./.^BW._IW._IV._.+.^BW._.+.^.W._IW._KW._#..^HW._#.._HW._#..^HW._RichIW._.......

                                            File Icon

                                            Icon Hash:4f81888c8c89874f

                                            Static PE Info

                                            General

                                            Entrypoint:0x140068d5c
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x140000000
                                            Subsystem:windows cui
                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x664E7376 [Wed May 22 22:36:38 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:6
                                            OS Version Minor:0
                                            File Version Major:6
                                            File Version Minor:0
                                            Subsystem Version Major:6
                                            Subsystem Version Minor:0
                                            Import Hash:79856d4b034c49dc3dd3e403b25b6bbf

                                            Entrypoint Preview

                                            Instruction
                                            dec eax
                                            sub esp, 28h
                                            call 00007FD7D4D030ECh
                                            dec eax
                                            add esp, 28h
                                            jmp 00007FD7D4D029E7h
                                            int3
                                            int3
                                            inc eax
                                            push ebx
                                            dec eax
                                            sub esp, 20h
                                            dec eax
                                            mov ebx, ecx
                                            jmp 00007FD7D4D02B81h
                                            dec eax
                                            mov ecx, ebx
                                            call 00007FD7D4D0B225h
                                            test eax, eax
                                            je 00007FD7D4D02B85h
                                            dec eax
                                            mov ecx, ebx
                                            call 00007FD7D4D02897h
                                            dec eax
                                            test eax, eax
                                            je 00007FD7D4D02B59h
                                            dec eax
                                            add esp, 20h
                                            pop ebx
                                            ret
                                            dec eax
                                            cmp ebx, FFFFFFFFh
                                            je 00007FD7D4D02B78h
                                            call 00007FD7D4D0357Ch
                                            int3
                                            call 00007FD7D4D03596h
                                            int3
                                            jmp 00007FD7D4D035C4h
                                            int3
                                            int3
                                            int3
                                            jmp 00007FD7D4D02C2Ch
                                            int3
                                            int3
                                            int3
                                            dec eax
                                            sub esp, 28h
                                            dec ebp
                                            mov eax, dword ptr [ecx+38h]
                                            dec eax
                                            mov ecx, edx
                                            dec ecx
                                            mov edx, ecx
                                            call 00007FD7D4D02B82h
                                            mov eax, 00000001h
                                            dec eax
                                            add esp, 28h
                                            ret
                                            int3
                                            int3
                                            int3
                                            inc eax
                                            push ebx
                                            inc ebp
                                            mov ebx, dword ptr [eax]
                                            dec eax
                                            mov ebx, edx
                                            inc ecx
                                            and ebx, FFFFFFF8h
                                            dec esp
                                            mov ecx, ecx
                                            inc ecx
                                            test byte ptr [eax], 00000004h
                                            dec esp
                                            mov edx, ecx
                                            je 00007FD7D4D02B85h
                                            inc ecx
                                            mov eax, dword ptr [eax+08h]
                                            dec ebp
                                            arpl word ptr [eax+04h], dx
                                            neg eax
                                            dec esp
                                            add edx, ecx
                                            dec eax
                                            arpl ax, cx
                                            dec esp
                                            and edx, ecx
                                            dec ecx
                                            arpl bx, ax
                                            dec edx
                                            mov edx, dword ptr [eax+edx]
                                            dec eax
                                            mov eax, dword ptr [ebx+10h]
                                            mov ecx, dword ptr [eax+08h]
                                            dec eax
                                            mov eax, dword ptr [ebx+08h]
                                            test byte ptr [ecx+eax+03h], 0000000Fh
                                            je 00007FD7D4D02B7Dh
                                            movzx eax, byte ptr [ecx+eax+00h]

                                            Rich Headers

                                            Programming Language:
                                            • [IMP] VS2008 SP1 build 30729

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x1f79a00x58.rdata
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x1f79f80xf0.rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x21d0000x3c1e6.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x2080000x1314c.pdata
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x25a0000x634.reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x1ca3700x1c.rdata
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x1ca5000x28.rdata
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1ca2300x140.rdata
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x17d0000x778.rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x10000x71a880x71c005cdd54da137ec06542526019b1031732False0.4528288118131868data6.6410813091638IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .managed0x730000xb91680xb92002d30634d2eb96982ab12a2d431b95020False0.4601620526671168data6.463570386679756IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            hydrated0x12d0000x4f8080x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .rdata0x17d0000x7c4de0x7c60045fde1d586ca634d803af629131f3bfaFalse0.469921875data6.575391637700044IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data0x1fa0000xdc900x22005c15d417ed4d359d82911c50efdabf9aFalse0.23793658088235295data3.6721787513471362IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .pdata0x2080000x1314c0x132008cc774a948808419be7ca4f4b39fb78dFalse0.4887280433006536data6.17164551981099IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            _RDATA0x21c0000x1f40x200cfc28b4453f40f4f91f4a52e36529a97False0.5078125data4.172727899540164IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .rsrc0x21d0000x3c1e60x3c200535b3db1e106e9738a2368c5f2218406False0.9869006626819127data7.992805950422709IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc0x25a0000x6340x8008b35b44373572aa9287a6c541ff3e534False0.48681640625data4.726579003687373IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                            BINARY0x21d1c00x3aa94data1.0003371123208311
                                            RT_ICON0x257c540x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m0.37406191369606
                                            RT_GROUP_ICON0x258cfc0x14data1.1
                                            RT_VERSION0x258d100x2ecdata0.4144385026737968
                                            RT_MANIFEST0x258ffc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                            Imports

                                            DLLImport
                                            ADVAPI32.dllRegCloseKey, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegSetValueExA, GetTokenInformation, DuplicateTokenEx, OpenThreadToken, RevertToSelf, ImpersonateLoggedOnUser, CheckTokenMembership, EventWrite, EventRegister, EventEnabled
                                            bcrypt.dllBCryptGenRandom, BCryptEncrypt, BCryptDecrypt, BCryptImportKey, BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptCloseAlgorithmProvider, BCryptDestroyKey
                                            KERNEL32.dllTlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, EncodePointer, RaiseException, RtlPcToFileHeader, CloseThreadpoolIo, GetStdHandle, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToSystemTime, GetSystemTime, GetCalendarInfoEx, CompareStringOrdinal, CompareStringEx, FindNLSStringEx, GetLocaleInfoEx, ResolveLocaleName, GetUserPreferredUILanguages, FindStringOrdinal, GetTickCount64, GetCurrentProcess, GetCurrentThread, Sleep, InitializeCriticalSection, InitializeConditionVariable, DeleteCriticalSection, LocalFree, EnterCriticalSection, SleepConditionVariableCS, LeaveCriticalSection, WakeConditionVariable, QueryPerformanceCounter, WaitForMultipleObjectsEx, GetLastError, QueryPerformanceFrequency, SetLastError, GetFullPathNameW, GetLongPathNameW, MultiByteToWideChar, WideCharToMultiByte, LocalAlloc, GetConsoleOutputCP, GetProcAddress, RaiseFailFastException, CreateThreadpoolIo, StartThreadpoolIo, CancelThreadpoolIo, LocaleNameToLCID, LCMapStringEx, EnumTimeFormatsEx, EnumCalendarInfoExEx, CopyFileExW, CreateFileW, DeleteFileW, DeviceIoControl, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FlushFileBuffers, FreeLibrary, GetFileAttributesExW, GetFileInformationByHandleEx, GetFileType, GetModuleFileNameW, GetOverlappedResult, GetSystemDirectoryW, LoadLibraryExW, ReadFile, SetFileInformationByHandle, SetThreadErrorMode, GetDynamicTimeZoneInformation, GetTimeZoneInformation, WriteFile, GetCurrentProcessorNumberEx, CloseHandle, SetEvent, CreateEventExW, GetEnvironmentVariableW, FormatMessageW, DuplicateHandle, GetThreadPriority, SetThreadPriority, GetConsoleMode, WriteConsoleW, GetExitCodeProcess, TerminateProcess, OpenProcess, K32EnumProcesses, GetProcessId, CreateProcessA, GetConsoleWindow, FreeConsole, AllocConsole, VirtualAllocEx, ResumeThread, CreateProcessW, GetThreadContext, SetThreadContext, FlushProcessWriteBuffers, GetCurrentThreadId, WaitForSingleObjectEx, VirtualQuery, RtlRestoreContext, AddVectoredExceptionHandler, FlsAlloc, FlsGetValue, FlsSetValue, CreateEventW, SwitchToThread, CreateThread, SuspendThread, FlushInstructionCache, VirtualAlloc, VirtualProtect, VirtualFree, QueryInformationJobObject, GetModuleHandleW, GetModuleHandleExW, GetProcessAffinityMask, InitializeContext, GetEnabledXStateFeatures, SetXStateFeaturesMask, InitializeCriticalSectionEx, GetSystemTimeAsFileTime, ResetEvent, DebugBreak, WaitForSingleObject, SleepEx, GlobalMemoryStatusEx, GetSystemInfo, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLargePageMinimum, VirtualUnlock, VirtualAllocExNuma, IsProcessInJob, GetNumaHighestNodeNumber, GetProcessGroupAffinity, K32GetProcessMemoryInfo, RtlUnwindEx, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, InitializeSListHead, GetCurrentProcessId
                                            ole32.dllCoUninitialize, CoTaskMemAlloc, CoGetApartmentType, CoCreateGuid, CoTaskMemFree, CoWaitForMultipleHandles, CoInitializeEx
                                            USER32.dllLoadStringW
                                            api-ms-win-crt-math-l1-1-0.dllpow, modf, ceil, __setusermatherr
                                            api-ms-win-crt-heap-l1-1-0.dllcalloc, malloc, _callnewh, _set_new_mode, free
                                            api-ms-win-crt-string-l1-1-0.dllwcsncmp, strncpy_s, _stricmp, strcpy_s, strcmp, _wcsicmp
                                            api-ms-win-crt-runtime-l1-1-0.dll_c_exit, _register_thread_local_exe_atexit_callback, _get_initial_wide_environment, _cexit, __p___wargv, __p___argc, _exit, exit, _initterm_e, _initterm, terminate, _crt_atexit, _initialize_wide_environment, _configure_wide_argv, _register_onexit_function, _initialize_onexit_table, _set_app_type, _seh_filter_exe, abort
                                            api-ms-win-crt-stdio-l1-1-0.dll__stdio_common_vsprintf_s, __stdio_common_vsscanf, __stdio_common_vfprintf, __acrt_iob_func, _set_fmode, __p__commode
                                            api-ms-win-crt-locale-l1-1-0.dll_configthreadlocale

                                            Exports

                                            NameOrdinalAddress
                                            DotNetRuntimeDebugHeader10x1401fb360

                                            Network Behavior

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            May 23, 2024 15:12:53.260236979 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:53.265321016 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:53.265409946 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:54.029222965 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.030416965 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:54.035527945 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.328249931 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.328459024 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:54.333328962 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.527731895 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.533373117 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:54.538422108 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.733638048 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.734266996 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.734365940 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:54.736526012 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.739083052 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.739213943 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:54.821755886 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:54.859803915 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:54.866245031 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.040095091 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.068104029 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:55.073221922 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.241656065 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.242585897 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:55.247649908 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.417109966 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.418338060 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:55.423413038 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.603194952 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.603755951 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:55.608814001 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.799839973 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:55.800117970 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:55.806675911 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.058804989 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.059051991 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:56.068198919 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.256257057 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.256917000 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:56.256973982 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:56.257013083 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:56.257034063 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:12:56.261940956 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.267010927 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.315535069 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.315591097 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.629919052 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:12:56.670226097 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:14:33.264463902 CEST49704587192.168.2.5185.174.175.187
                                            May 23, 2024 15:14:33.269871950 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:14:33.438318968 CEST58749704185.174.175.187192.168.2.5
                                            May 23, 2024 15:14:33.443396091 CEST49704587192.168.2.5185.174.175.187

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            May 23, 2024 15:12:53.241302967 CEST5780053192.168.2.51.1.1.1
                                            May 23, 2024 15:12:53.252381086 CEST53578001.1.1.1192.168.2.5

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            May 23, 2024 15:12:53.241302967 CEST192.168.2.51.1.1.10x80b4Standard query (0)cp8nl.hyperhost.uaA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            May 23, 2024 15:12:53.252381086 CEST1.1.1.1192.168.2.50x80b4No error (0)cp8nl.hyperhost.ua185.174.175.187A (IP address)IN (0x0001)false

                                            SMTP Packets

                                            TimestampSource PortDest PortSource IPDest IPCommands
                                            May 23, 2024 15:12:54.029222965 CEST58749704185.174.175.187192.168.2.5220-cp8nl.hyperhost.ua ESMTP Exim 4.97.1 #2 Thu, 23 May 2024 16:12:53 +0300
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            May 23, 2024 15:12:54.030416965 CEST49704587192.168.2.5185.174.175.187EHLO 066656
                                            May 23, 2024 15:12:54.328249931 CEST58749704185.174.175.187192.168.2.5250-cp8nl.hyperhost.ua Hello 066656 [8.46.123.175]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-STARTTLS
                                            250 HELP
                                            May 23, 2024 15:12:54.328459024 CEST49704587192.168.2.5185.174.175.187STARTTLS
                                            May 23, 2024 15:12:54.527731895 CEST58749704185.174.175.187192.168.2.5220 TLS go ahead

                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:09:12:50
                                            Start date:23/05/2024
                                            Path:C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe"
                                            Imagebase:0x7ff77c310000
                                            File size:2'070'528 bytes
                                            MD5 hash:456442E5615445A54F15EAE38140C50A
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000000.1972524893.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:1
                                            Start time:09:12:50
                                            Start date:23/05/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff6d64d0000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:3
                                            Start time:09:12:51
                                            Start date:23/05/2024
                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
                                            Imagebase:0xe20000
                                            File size:47'584 bytes
                                            MD5 hash:94C8E57A80DFCA2482DEDB87B93D4FD9
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3233652969.00000000032B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3233652969.0000000003241000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3233652969.0000000003241000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:moderate
                                            Has exited:false

                                            Disassembly

                                            Reset < >

                                              Execution Graph

                                              Execution Coverage:6.8%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:26.7%
                                              Total number of Nodes:983
                                              Total number of Limit Nodes:29
                                              execution_graph 16859 7ff77c3123f9 16861 7ff77c312438 16859->16861 16860 7ff77c31249c 16861->16860 16864 7ff77c3125d0 16861->16864 16865 7ff77c31268b 16864->16865 16870 7ff77c3cca50 16865->16870 16871 7ff77c3cca62 16870->16871 16874 7ff77c3ccb00 16871->16874 16873 7ff77c3ccaa1 16885 7ff77c318700 16874->16885 16876 7ff77c3ccc0c 16905 7ff77c313960 16876->16905 16879 7ff77c318700 10 API calls 16883 7ff77c3ccc6b 16879->16883 16880 7ff77c3ccb7a 16880->16876 16909 7ff77c318830 16880->16909 16882 7ff77c3cccba 16882->16873 16883->16882 16884 7ff77c318830 16 API calls 16883->16884 16884->16883 16886 7ff77c318742 16885->16886 16887 7ff77c318787 16886->16887 16888 7ff77c318747 16886->16888 16890 7ff77c31de30 4 API calls 16887->16890 16891 7ff77c3187a1 16887->16891 16889 7ff77c318761 16888->16889 16917 7ff77c31de30 16888->16917 16923 7ff77c317b20 16889->16923 16890->16891 16893 7ff77c3187bd 16891->16893 16894 7ff77c3187d2 16891->16894 16897 7ff77c3182d0 2 API calls 16893->16897 16898 7ff77c3182d0 2 API calls 16894->16898 16900 7ff77c3187c9 16897->16900 16898->16900 16901 7ff77c318785 16900->16901 16902 7ff77c31de30 4 API calls 16900->16902 16903 7ff77c318809 16901->16903 16936 7ff77c317470 16901->16936 16902->16901 16903->16880 16906 7ff77c313986 16905->16906 16907 7ff77c313997 16906->16907 16908 7ff77c31398a RaiseFailFastException 16906->16908 16907->16879 16908->16907 16910 7ff77c318871 16909->16910 16990 7ff77c317ec0 16910->16990 16912 7ff77c318880 16913 7ff77c3188a1 16912->16913 16914 7ff77c31de30 4 API calls 16912->16914 16915 7ff77c317470 2 API calls 16913->16915 16916 7ff77c3188b2 16913->16916 16914->16913 16915->16916 16916->16880 16918 7ff77c31dedc 16917->16918 16920 7ff77c31de6b 16917->16920 16918->16889 16920->16918 16922 7ff77c31dea4 16920->16922 16942 7ff77c31db50 16920->16942 16922->16918 16950 7ff77c31def0 16922->16950 16927 7ff77c317b3d _swprintf_c_l 16923->16927 16924 7ff77c317d10 16931 7ff77c3182d0 16924->16931 16925 7ff77c317cef 16925->16924 16928 7ff77c31de30 4 API calls 16925->16928 16926 7ff77c317ce7 16984 7ff77c318540 16926->16984 16927->16924 16927->16925 16927->16926 16929 7ff77c317cd8 RaiseFailFastException 16927->16929 16928->16924 16929->16925 16932 7ff77c318337 16931->16932 16933 7ff77c3182e2 16931->16933 16932->16901 16933->16932 16934 7ff77c317470 2 API calls 16933->16934 16935 7ff77c318312 16934->16935 16935->16901 16937 7ff77c317490 16936->16937 16938 7ff77c317488 16936->16938 16937->16903 16938->16937 16939 7ff77c3174f9 RaiseFailFastException 16938->16939 16940 7ff77c317506 16938->16940 16939->16940 16940->16937 16941 7ff77c317521 RaiseFailFastException 16940->16941 16941->16937 16946 7ff77c31db74 16942->16946 16945 7ff77c378e70 _swprintf_c_l 3 API calls 16947 7ff77c31dc08 16945->16947 16946->16947 16954 7ff77c378e70 16946->16954 16949 7ff77c31dc95 ISource 16947->16949 16957 7ff77c31acb0 GetCurrentThreadId 16947->16957 16949->16922 16951 7ff77c31df45 16950->16951 16953 7ff77c31df4c 16950->16953 16980 7ff77c31d980 16951->16980 16953->16918 16958 7ff77c378d70 16954->16958 16957->16949 16959 7ff77c378d8a malloc 16958->16959 16960 7ff77c31dbdd 16959->16960 16961 7ff77c378d7b 16959->16961 16960->16945 16960->16949 16961->16959 16962 7ff77c378d9a 16961->16962 16963 7ff77c378da5 16962->16963 16967 7ff77c3797ac 16962->16967 16971 7ff77c3797cc 16963->16971 16968 7ff77c3797ba std::bad_alloc::bad_alloc 16967->16968 16975 7ff77c37a65c 16968->16975 16970 7ff77c3797cb 16972 7ff77c3797da std::bad_alloc::bad_alloc 16971->16972 16973 7ff77c37a65c Concurrency::cancel_current_task 2 API calls 16972->16973 16974 7ff77c378dab 16973->16974 16976 7ff77c37a67b 16975->16976 16977 7ff77c37a6c6 RaiseException 16976->16977 16978 7ff77c37a6a4 RtlPcToFileHeader 16976->16978 16977->16970 16979 7ff77c37a6bc 16978->16979 16979->16977 16982 7ff77c31d9aa _swprintf_c_l 16980->16982 16981 7ff77c31d9d1 16981->16953 16982->16981 16983 7ff77c378e70 _swprintf_c_l 3 API calls 16982->16983 16983->16981 16988 7ff77c318554 16984->16988 16985 7ff77c3186be RaiseFailFastException 16985->16988 16986 7ff77c318623 RaiseFailFastException 16986->16988 16987 7ff77c318639 RaiseFailFastException 16987->16988 16988->16985 16988->16986 16988->16987 16989 7ff77c3186d0 16988->16989 16989->16925 17001 7ff77c317ef0 16990->17001 16991 7ff77c317f43 RaiseFailFastException 16991->17001 16992 7ff77c3181de 16993 7ff77c317b20 8 API calls 16992->16993 16997 7ff77c3181e4 16992->16997 16993->16997 16994 7ff77c3182b2 16994->16912 16995 7ff77c318231 16998 7ff77c318540 3 API calls 16995->16998 16996 7ff77c31820e RaiseFailFastException 16996->16997 16997->16994 17000 7ff77c317470 2 API calls 16997->17000 16998->16997 16999 7ff77c3180a2 RaiseFailFastException 16999->17001 17002 7ff77c318287 17000->17002 17001->16991 17001->16992 17001->16995 17001->16996 17001->16997 17001->16999 17004 7ff77c317470 2 API calls 17001->17004 17005 7ff77c318198 RaiseFailFastException 17001->17005 17006 7ff77c3181ae RaiseFailFastException 17001->17006 17007 7ff77c31de30 4 API calls 17001->17007 17008 7ff77c317710 17001->17008 17002->16912 17004->17001 17005->17001 17006->17001 17007->17001 17009 7ff77c317767 17008->17009 17010 7ff77c31773d 17008->17010 17012 7ff77c3178f6 17009->17012 17016 7ff77c317794 17009->17016 17011 7ff77c31de30 4 API calls 17010->17011 17011->17009 17013 7ff77c317909 17012->17013 17014 7ff77c3178fc RaiseFailFastException 17012->17014 17015 7ff77c317470 2 API calls 17013->17015 17014->17013 17018 7ff77c3178e1 17015->17018 17017 7ff77c317470 2 API calls 17016->17017 17017->17018 17018->17001 17755 7ff77c32af28 17756 7ff77c32af2d 17755->17756 17757 7ff77c32af80 17755->17757 17773 7ff77c34e700 17756->17773 17765 7ff77c33d760 17757->17765 17760 7ff77c32b02a 17762 7ff77c32b055 17760->17762 17781 7ff77c341650 17760->17781 17785 7ff77c332490 17762->17785 17764 7ff77c32b0c0 17767 7ff77c33d776 17765->17767 17766 7ff77c33d7a7 17766->17756 17767->17766 17768 7ff77c33d810 17767->17768 17769 7ff77c31de30 4 API calls 17767->17769 17790 7ff77c3502e0 17768->17790 17769->17768 17772 7ff77c31de30 4 API calls 17772->17766 17774 7ff77c34e719 17773->17774 17775 7ff77c34e729 17773->17775 17774->17760 17776 7ff77c34e85b SwitchToThread 17775->17776 17777 7ff77c34e779 SwitchToThread 17775->17777 17778 7ff77c34e867 17775->17778 17779 7ff77c34e817 SwitchToThread 17775->17779 17780 7ff77c34e82c SwitchToThread 17775->17780 17776->17775 17777->17775 17778->17760 17779->17775 17780->17775 17782 7ff77c34166f 17781->17782 17784 7ff77c3416da _swprintf_c_l 17781->17784 17782->17784 17801 7ff77c3229e0 VirtualAlloc 17782->17801 17784->17762 17786 7ff77c341650 2 API calls 17785->17786 17787 7ff77c3324c5 _swprintf_c_l 17786->17787 17788 7ff77c34e700 4 API calls 17787->17788 17789 7ff77c332615 17788->17789 17789->17764 17789->17789 17791 7ff77c350319 EnterCriticalSection 17790->17791 17792 7ff77c3503a5 17790->17792 17795 7ff77c350339 LeaveCriticalSection 17791->17795 17793 7ff77c33d839 17792->17793 17794 7ff77c322740 3 API calls 17792->17794 17793->17766 17793->17772 17796 7ff77c3503d6 17794->17796 17795->17792 17796->17793 17798 7ff77c3503e7 EnterCriticalSection 17796->17798 17799 7ff77c35040d LeaveCriticalSection 17798->17799 17800 7ff77c350406 17798->17800 17799->17793 17800->17799 17802 7ff77c322a2c 17801->17802 17803 7ff77c322a1b 17801->17803 17802->17784 17803->17802 17804 7ff77c322a20 VirtualUnlock 17803->17804 17804->17802 17805 7ff77c32dd6b 17808 7ff77c34e890 17805->17808 17807 7ff77c32dd43 17807->17807 17811 7ff77c32aa00 17808->17811 17810 7ff77c34e8c8 17810->17807 17812 7ff77c32aa57 17811->17812 17813 7ff77c32ae0a 17812->17813 17814 7ff77c34e700 4 API calls 17812->17814 17813->17810 17815 7ff77c32ab55 _swprintf_c_l 17814->17815 17816 7ff77c341650 2 API calls 17815->17816 17817 7ff77c32ad41 17815->17817 17816->17817 17817->17813 17818 7ff77c332490 6 API calls 17817->17818 17818->17813 17819 7ff77c31fc50 17820 7ff77c31fc6a 17819->17820 17821 7ff77c31fc75 17819->17821 17822 7ff77c31fca2 VirtualAlloc 17821->17822 17827 7ff77c31fcf6 17821->17827 17823 7ff77c31fcdd 17822->17823 17822->17827 17824 7ff77c378e70 _swprintf_c_l 3 API calls 17823->17824 17825 7ff77c31fcee 17824->17825 17826 7ff77c31fd41 VirtualFree 17825->17826 17825->17827 17826->17827 17019 7ff77c313c80 17020 7ff77c313cce 17019->17020 17023 7ff77c319870 17020->17023 17022 7ff77c313cde 17024 7ff77c319899 17023->17024 17025 7ff77c31990c 17024->17025 17027 7ff77c32725e 17024->17027 17025->17022 17028 7ff77c32729b 17027->17028 17029 7ff77c3272c5 17027->17029 17031 7ff77c3272a4 DebugBreak 17028->17031 17033 7ff77c3272a9 17028->17033 17035 7ff77c32cd40 17029->17035 17031->17033 17032 7ff77c3272e8 17032->17033 17048 7ff77c329c50 17032->17048 17033->17025 17046 7ff77c32cd6f 17035->17046 17036 7ff77c3449a0 GetTickCount64 17036->17046 17037 7ff77c32ce29 SwitchToThread 17037->17046 17041 7ff77c32cf4b 17041->17032 17042 7ff77c333480 39 API calls 17042->17046 17043 7ff77c32ce55 SwitchToThread 17043->17046 17045 7ff77c350690 WaitForSingleObject 17045->17046 17046->17036 17046->17037 17046->17041 17046->17042 17046->17043 17046->17045 17047 7ff77c32ce1d SwitchToThread 17046->17047 17055 7ff77c32d9f0 17046->17055 17074 7ff77c3504d0 17046->17074 17088 7ff77c3226f0 17046->17088 17091 7ff77c32d470 17046->17091 17047->17046 17050 7ff77c329c86 17048->17050 17053 7ff77c329cbf 17048->17053 17049 7ff77c329c99 SwitchToThread 17049->17050 17050->17049 17051 7ff77c3226f0 SleepEx 17050->17051 17050->17053 17051->17050 17052 7ff77c329d95 ISource 17052->17033 17053->17052 17054 7ff77c329d90 DebugBreak 17053->17054 17054->17052 17056 7ff77c32dbe2 17055->17056 17057 7ff77c32da2c 17055->17057 17058 7ff77c32dbe7 17057->17058 17059 7ff77c32da9d 17057->17059 17058->17056 17105 7ff77c326e90 17058->17105 17060 7ff77c32daac SwitchToThread 17059->17060 17063 7ff77c32daba 17060->17063 17063->17056 17065 7ff77c32db61 SwitchToThread 17063->17065 17070 7ff77c32db8d SwitchToThread 17063->17070 17071 7ff77c3226f0 SleepEx 17063->17071 17072 7ff77c32db55 SwitchToThread 17063->17072 17101 7ff77c350690 17063->17101 17065->17063 17070->17063 17071->17063 17072->17063 17075 7ff77c3504ed 17074->17075 17076 7ff77c350679 17074->17076 17111 7ff77c321e90 17075->17111 17076->17046 17079 7ff77c350667 17079->17046 17080 7ff77c326e90 WaitForSingleObject 17083 7ff77c35054d 17080->17083 17081 7ff77c350650 17081->17046 17082 7ff77c3505d9 SwitchToThread 17082->17083 17083->17081 17083->17082 17084 7ff77c350605 SwitchToThread 17083->17084 17085 7ff77c3226f0 SleepEx 17083->17085 17086 7ff77c350690 WaitForSingleObject 17083->17086 17087 7ff77c3505cd SwitchToThread 17083->17087 17084->17083 17085->17083 17086->17083 17087->17083 17089 7ff77c3226fd 17088->17089 17090 7ff77c3226f4 SleepEx 17088->17090 17089->17046 17090->17089 17092 7ff77c32d61b 17091->17092 17093 7ff77c32d4ac 17091->17093 17092->17092 17093->17092 17094 7ff77c3226f0 SleepEx 17093->17094 17096 7ff77c32d4ef 17094->17096 17095 7ff77c32d59a SwitchToThread 17095->17096 17096->17092 17096->17095 17097 7ff77c32d5c6 SwitchToThread 17096->17097 17098 7ff77c3226f0 SleepEx 17096->17098 17099 7ff77c350690 WaitForSingleObject 17096->17099 17100 7ff77c32d58e SwitchToThread 17096->17100 17097->17096 17098->17096 17099->17096 17100->17096 17103 7ff77c3506a6 17101->17103 17102 7ff77c3506dd 17102->17063 17103->17102 17109 7ff77c322a50 WaitForSingleObject 17103->17109 17106 7ff77c326ea8 17105->17106 17110 7ff77c322a50 WaitForSingleObject 17106->17110 17112 7ff77c321ec7 GetCurrentProcess 17111->17112 17113 7ff77c321f7f GlobalMemoryStatusEx 17111->17113 17114 7ff77c321ee0 17112->17114 17115 7ff77c321ee8 17113->17115 17114->17113 17114->17115 17118 7ff77c378e50 17115->17118 17119 7ff77c378e59 17118->17119 17120 7ff77c322058 17119->17120 17121 7ff77c37983c IsProcessorFeaturePresent 17119->17121 17120->17079 17120->17080 17122 7ff77c379854 17121->17122 17127 7ff77c379910 RtlCaptureContext 17122->17127 17128 7ff77c37992a RtlLookupFunctionEntry 17127->17128 17129 7ff77c379867 17128->17129 17130 7ff77c379940 RtlVirtualUnwind 17128->17130 17131 7ff77c379808 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17129->17131 17130->17128 17130->17129 17132 7ff77c316740 17137 7ff77c314a90 17132->17137 17134 7ff77c316752 17143 7ff77c3cc430 17134->17143 17138 7ff77c314ab6 17137->17138 17142 7ff77c314ad4 17138->17142 17150 7ff77c31aad0 FlsGetValue 17138->17150 17140 7ff77c314acc 17141 7ff77c315780 6 API calls 17140->17141 17141->17142 17142->17134 17153 7ff77c316480 17143->17153 17145 7ff77c3cc451 17169 7ff77c3b4210 17145->17169 17148 7ff77c3cc456 17172 7ff77c316880 17148->17172 17177 7ff77c316870 17148->17177 17151 7ff77c31aaf8 FlsSetValue 17150->17151 17152 7ff77c31aaea RaiseFailFastException 17150->17152 17152->17151 17156 7ff77c3164a5 17153->17156 17154 7ff77c3164b9 17154->17145 17155 7ff77c31657f 17157 7ff77c31659f 17155->17157 17158 7ff77c316586 17155->17158 17156->17154 17156->17155 17163 7ff77c316547 17156->17163 17164 7ff77c316528 17156->17164 17167 7ff77c316566 17156->17167 17159 7ff77c3165cf 17157->17159 17184 7ff77c316210 GetLastError 17157->17184 17181 7ff77c31b030 17158->17181 17159->17145 17160 7ff77c314a90 9 API calls 17160->17155 17162 7ff77c316592 RaiseFailFastException 17162->17157 17163->17167 17168 7ff77c316559 RaiseFailFastException 17163->17168 17166 7ff77c316530 Sleep 17164->17166 17166->17163 17166->17166 17167->17160 17168->17167 17187 7ff77c3b42c0 17169->17187 17171 7ff77c3b421e 17171->17148 17173 7ff77c316884 17172->17173 17174 7ff77c316890 WaitForSingleObjectEx 17173->17174 17176 7ff77c3168b9 17173->17176 17174->17173 17175 7ff77c3168c7 17174->17175 17175->17148 17176->17148 17178 7ff77c31fad0 17177->17178 17179 7ff77c31fada 17178->17179 17180 7ff77c31fae1 SetEvent 17178->17180 17179->17148 17180->17148 17182 7ff77c31b044 17181->17182 17182->17182 17183 7ff77c31b04d GetStdHandle WriteFile 17182->17183 17183->17162 17185 7ff77c316240 17184->17185 17186 7ff77c316266 SetLastError 17185->17186 17188 7ff77c3b42df 17187->17188 17189 7ff77c3b430b CoInitializeEx 17188->17189 17190 7ff77c3b432e 17188->17190 17191 7ff77c3b4322 17189->17191 17190->17171 17191->17190 17192 7ff77c3b437a 17191->17192 17200 7ff77c3122d0 17191->17200 17194 7ff77c3122d0 17 API calls 17192->17194 17196 7ff77c3b4386 17194->17196 17195 7ff77c3b4367 17197 7ff77c3125d0 17 API calls 17195->17197 17198 7ff77c3125d0 17 API calls 17196->17198 17197->17192 17199 7ff77c3b4399 17198->17199 17201 7ff77c3122fb 17200->17201 17203 7ff77c312302 17200->17203 17201->17195 17202 7ff77c312359 17202->17195 17203->17202 17204 7ff77c3125d0 17 API calls 17203->17204 17205 7ff77c3cc971 17204->17205 17206 7ff77c3155c0 17236 7ff77c31ae30 FlsAlloc 17206->17236 17208 7ff77c31572e 17209 7ff77c3155cb 17209->17208 17249 7ff77c31acd0 GetModuleHandleExW 17209->17249 17211 7ff77c3155eb 17250 7ff77c316f20 17211->17250 17213 7ff77c3155f3 17213->17208 17258 7ff77c31b560 17213->17258 17217 7ff77c315610 17217->17208 17218 7ff77c315638 RtlAddVectoredExceptionHandler 17217->17218 17219 7ff77c31564c 17218->17219 17220 7ff77c315651 17218->17220 17222 7ff77c315685 17219->17222 17223 7ff77c31d5c0 9 API calls 17219->17223 17295 7ff77c31d5c0 17220->17295 17224 7ff77c3156df 17222->17224 17272 7ff77c31dd30 17222->17272 17223->17222 17280 7ff77c319d50 17224->17280 17227 7ff77c3156e4 17227->17208 17301 7ff77c315270 17227->17301 17237 7ff77c31af7e 17236->17237 17238 7ff77c31ae50 17236->17238 17237->17209 17312 7ff77c323720 17238->17312 17240 7ff77c31ae55 17241 7ff77c3224c0 10 API calls 17240->17241 17242 7ff77c31ae5a 17241->17242 17242->17237 17243 7ff77c31d5c0 9 API calls 17242->17243 17244 7ff77c31ae82 17243->17244 17245 7ff77c31aeaa GetCurrentProcess GetProcessAffinityMask 17244->17245 17246 7ff77c31aea1 17244->17246 17248 7ff77c31af18 17244->17248 17245->17246 17247 7ff77c31aef4 QueryInformationJobObject 17246->17247 17247->17248 17248->17209 17249->17211 17251 7ff77c378e70 _swprintf_c_l 3 API calls 17250->17251 17252 7ff77c316f35 17251->17252 17253 7ff77c316f74 17252->17253 17451 7ff77c31fbd0 17252->17451 17253->17213 17255 7ff77c316f42 17255->17253 17256 7ff77c31b220 InitializeCriticalSectionEx 17255->17256 17257 7ff77c316f6d 17256->17257 17257->17213 17259 7ff77c31b220 InitializeCriticalSectionEx 17258->17259 17260 7ff77c315600 17259->17260 17260->17208 17261 7ff77c316960 17260->17261 17262 7ff77c378e70 _swprintf_c_l 3 API calls 17261->17262 17263 7ff77c31697e 17262->17263 17264 7ff77c316a1a 17263->17264 17454 7ff77c314bc0 17263->17454 17264->17217 17266 7ff77c3169b0 17267 7ff77c3169fa 17266->17267 17461 7ff77c314cb0 17266->17461 17267->17217 17269 7ff77c3169bd 17271 7ff77c3169cd ISource 17269->17271 17465 7ff77c314a40 17269->17465 17271->17217 17273 7ff77c31dd5b 17272->17273 17279 7ff77c31de06 17272->17279 17274 7ff77c378e70 _swprintf_c_l 3 API calls 17273->17274 17275 7ff77c31dd7a 17274->17275 17276 7ff77c31b220 InitializeCriticalSectionEx 17275->17276 17277 7ff77c31dda5 17276->17277 17278 7ff77c31ddee GetSystemTimeAsFileTime 17277->17278 17278->17279 17279->17224 17281 7ff77c3787ed 17280->17281 17282 7ff77c319d89 EventRegister 17281->17282 17283 7ff77c319e0c 17282->17283 17285 7ff77c319e07 17282->17285 17284 7ff77c31d5c0 9 API calls 17283->17284 17284->17285 17470 7ff77c31a630 17285->17470 17288 7ff77c319e84 17288->17227 17289 7ff77c319e5b 17289->17288 17488 7ff77c3167c0 17289->17488 17291 7ff77c319e64 17291->17288 17495 7ff77c31e7e0 17291->17495 17292 7ff77c319e74 17292->17227 17298 7ff77c31d630 17295->17298 17296 7ff77c31d6b0 _wcsicmp 17296->17298 17300 7ff77c31d6cd 17296->17300 17297 7ff77c378e50 8 API calls 17299 7ff77c31d7ad 17297->17299 17298->17296 17298->17300 17299->17219 17300->17297 17305 7ff77c31529a 17301->17305 17309 7ff77c3153fb 17301->17309 17302 7ff77c315586 17302->17208 17310 7ff77c31b220 17302->17310 17303 7ff77c31b030 2 API calls 17304 7ff77c31557a RaiseFailFastException 17303->17304 17304->17302 17305->17309 17745 7ff77c31afe0 LoadLibraryExW 17305->17745 17307 7ff77c315376 17307->17309 17748 7ff77c31af90 LoadLibraryExW 17307->17748 17309->17302 17309->17303 17311 7ff77c378a63 InitializeCriticalSectionEx 17310->17311 17439 7ff77c3199a0 17312->17439 17315 7ff77c3199a0 9 API calls 17316 7ff77c32375e 17315->17316 17317 7ff77c3199a0 9 API calls 17316->17317 17318 7ff77c323779 17317->17318 17319 7ff77c3199a0 9 API calls 17318->17319 17320 7ff77c323794 17319->17320 17321 7ff77c3199a0 9 API calls 17320->17321 17322 7ff77c3237b4 17321->17322 17323 7ff77c3199a0 9 API calls 17322->17323 17324 7ff77c3237cf 17323->17324 17325 7ff77c3199a0 9 API calls 17324->17325 17326 7ff77c3237ef 17325->17326 17327 7ff77c3199a0 9 API calls 17326->17327 17328 7ff77c32380a 17327->17328 17329 7ff77c3199a0 9 API calls 17328->17329 17330 7ff77c323825 17329->17330 17331 7ff77c3199a0 9 API calls 17330->17331 17332 7ff77c323840 17331->17332 17333 7ff77c3199a0 9 API calls 17332->17333 17334 7ff77c323860 17333->17334 17335 7ff77c3199a0 9 API calls 17334->17335 17336 7ff77c323880 17335->17336 17445 7ff77c319b60 17336->17445 17339 7ff77c319b60 9 API calls 17340 7ff77c3238b0 17339->17340 17341 7ff77c319b60 9 API calls 17340->17341 17342 7ff77c3238c5 17341->17342 17343 7ff77c319b60 9 API calls 17342->17343 17344 7ff77c3238da 17343->17344 17345 7ff77c319b60 9 API calls 17344->17345 17346 7ff77c3238ef 17345->17346 17347 7ff77c319b60 9 API calls 17346->17347 17348 7ff77c323909 17347->17348 17349 7ff77c319b60 9 API calls 17348->17349 17350 7ff77c32391e 17349->17350 17351 7ff77c319b60 9 API calls 17350->17351 17352 7ff77c323933 17351->17352 17353 7ff77c319b60 9 API calls 17352->17353 17354 7ff77c323948 17353->17354 17355 7ff77c319b60 9 API calls 17354->17355 17356 7ff77c32395d 17355->17356 17357 7ff77c319b60 9 API calls 17356->17357 17358 7ff77c323972 17357->17358 17359 7ff77c319b60 9 API calls 17358->17359 17360 7ff77c323987 17359->17360 17361 7ff77c319b60 9 API calls 17360->17361 17362 7ff77c3239a1 17361->17362 17363 7ff77c319b60 9 API calls 17362->17363 17364 7ff77c3239bb 17363->17364 17365 7ff77c319b60 9 API calls 17364->17365 17366 7ff77c3239d0 17365->17366 17367 7ff77c319b60 9 API calls 17366->17367 17368 7ff77c3239e5 17367->17368 17369 7ff77c319b60 9 API calls 17368->17369 17370 7ff77c3239fa 17369->17370 17371 7ff77c319b60 9 API calls 17370->17371 17372 7ff77c323a0f 17371->17372 17373 7ff77c319b60 9 API calls 17372->17373 17374 7ff77c323a29 17373->17374 17375 7ff77c319b60 9 API calls 17374->17375 17376 7ff77c323a43 17375->17376 17377 7ff77c319b60 9 API calls 17376->17377 17378 7ff77c323a58 17377->17378 17379 7ff77c319b60 9 API calls 17378->17379 17380 7ff77c323a6d 17379->17380 17381 7ff77c319b60 9 API calls 17380->17381 17382 7ff77c323a82 17381->17382 17383 7ff77c319b60 9 API calls 17382->17383 17384 7ff77c323a97 17383->17384 17385 7ff77c319b60 9 API calls 17384->17385 17386 7ff77c323aac 17385->17386 17387 7ff77c319b60 9 API calls 17386->17387 17388 7ff77c323ac1 17387->17388 17389 7ff77c319b60 9 API calls 17388->17389 17390 7ff77c323ad6 17389->17390 17391 7ff77c319b60 9 API calls 17390->17391 17392 7ff77c323aeb 17391->17392 17393 7ff77c319b60 9 API calls 17392->17393 17394 7ff77c323b00 17393->17394 17395 7ff77c319b60 9 API calls 17394->17395 17396 7ff77c323b15 17395->17396 17397 7ff77c319b60 9 API calls 17396->17397 17398 7ff77c323b2a 17397->17398 17399 7ff77c319b60 9 API calls 17398->17399 17400 7ff77c323b3f 17399->17400 17401 7ff77c319b60 9 API calls 17400->17401 17402 7ff77c323b54 17401->17402 17403 7ff77c319b60 9 API calls 17402->17403 17404 7ff77c323b69 17403->17404 17405 7ff77c319b60 9 API calls 17404->17405 17406 7ff77c323b7e 17405->17406 17407 7ff77c319b60 9 API calls 17406->17407 17408 7ff77c323b93 17407->17408 17409 7ff77c319b60 9 API calls 17408->17409 17410 7ff77c323ba8 17409->17410 17411 7ff77c319b60 9 API calls 17410->17411 17412 7ff77c323bbd 17411->17412 17413 7ff77c319b60 9 API calls 17412->17413 17414 7ff77c323bd2 17413->17414 17415 7ff77c319b60 9 API calls 17414->17415 17416 7ff77c323be7 17415->17416 17417 7ff77c319b60 9 API calls 17416->17417 17418 7ff77c323bfc 17417->17418 17419 7ff77c319b60 9 API calls 17418->17419 17420 7ff77c323c11 17419->17420 17421 7ff77c319b60 9 API calls 17420->17421 17422 7ff77c323c26 17421->17422 17423 7ff77c319b60 9 API calls 17422->17423 17424 7ff77c323c40 17423->17424 17425 7ff77c319b60 9 API calls 17424->17425 17426 7ff77c323c5a 17425->17426 17427 7ff77c319b60 9 API calls 17426->17427 17428 7ff77c323c74 17427->17428 17429 7ff77c319b60 9 API calls 17428->17429 17430 7ff77c323c8e 17429->17430 17431 7ff77c319b60 9 API calls 17430->17431 17432 7ff77c323ca8 17431->17432 17433 7ff77c319b60 9 API calls 17432->17433 17434 7ff77c323cc2 17433->17434 17435 7ff77c319b60 9 API calls 17434->17435 17436 7ff77c323cd7 17435->17436 17437 7ff77c319b60 9 API calls 17436->17437 17438 7ff77c323cf1 17437->17438 17442 7ff77c3199d3 17439->17442 17440 7ff77c3199d7 17441 7ff77c378e50 8 API calls 17440->17441 17443 7ff77c319b0e 17441->17443 17442->17440 17444 7ff77c31d5c0 9 API calls 17442->17444 17443->17315 17444->17440 17447 7ff77c319b90 17445->17447 17446 7ff77c31d5c0 9 API calls 17448 7ff77c319ca8 17446->17448 17447->17446 17449 7ff77c378e50 8 API calls 17448->17449 17450 7ff77c319cc0 17449->17450 17450->17339 17452 7ff77c31b220 InitializeCriticalSectionEx 17451->17452 17453 7ff77c31fc1c 17452->17453 17453->17255 17455 7ff77c378e70 _swprintf_c_l 3 API calls 17454->17455 17456 7ff77c314bde 17455->17456 17457 7ff77c31b220 InitializeCriticalSectionEx 17456->17457 17458 7ff77c314c10 17456->17458 17457->17458 17460 7ff77c314c68 ISource 17458->17460 17468 7ff77c31b200 17458->17468 17460->17266 17462 7ff77c314cb5 17461->17462 17464 7ff77c314cc6 ISource 17461->17464 17463 7ff77c31b200 DeleteCriticalSection 17462->17463 17463->17464 17464->17269 17466 7ff77c31b200 17465->17466 17466->17271 17467 7ff77c37889b DeleteCriticalSection 17466->17467 17468->17460 17469 7ff77c37889b DeleteCriticalSection 17468->17469 17505 7ff77c321b70 17470->17505 17472 7ff77c319e47 17472->17288 17473 7ff77c328f50 17472->17473 17474 7ff77c31de30 4 API calls 17473->17474 17475 7ff77c328f69 17474->17475 17516 7ff77c3226b0 QueryPerformanceFrequency 17475->17516 17477 7ff77c328f6e 17479 7ff77c328fe9 17477->17479 17517 7ff77c322070 17477->17517 17487 7ff77c32925b ISource 17479->17487 17531 7ff77c33f450 17479->17531 17481 7ff77c32945c 17482 7ff77c378e70 _swprintf_c_l 3 API calls 17481->17482 17481->17487 17483 7ff77c329592 17482->17483 17483->17487 17554 7ff77c321cc0 17483->17554 17485 7ff77c3295bd 17559 7ff77c33dc30 17485->17559 17487->17289 17489 7ff77c3167d2 17488->17489 17490 7ff77c31680d 17489->17490 17722 7ff77c31fa80 CreateEventW 17489->17722 17490->17291 17492 7ff77c3167e4 17492->17490 17723 7ff77c31b130 CreateThread 17492->17723 17494 7ff77c316803 17494->17291 17496 7ff77c31e7f7 17495->17496 17497 7ff77c31e7ff 17496->17497 17498 7ff77c378e70 _swprintf_c_l 3 API calls 17496->17498 17497->17292 17501 7ff77c31e831 17498->17501 17499 7ff77c31e968 ISource 17499->17292 17501->17499 17503 7ff77c31e8c5 ISource 17501->17503 17726 7ff77c324160 17501->17726 17502 7ff77c31e902 ISource 17502->17292 17503->17502 17732 7ff77c3243f0 17503->17732 17510 7ff77c324a30 17505->17510 17508 7ff77c321baf 17508->17472 17511 7ff77c378e70 _swprintf_c_l 3 API calls 17510->17511 17512 7ff77c321b98 17511->17512 17512->17508 17513 7ff77c326580 17512->17513 17514 7ff77c378e70 _swprintf_c_l 3 API calls 17513->17514 17515 7ff77c326595 17514->17515 17515->17508 17516->17477 17518 7ff77c322093 17517->17518 17519 7ff77c3220a7 GetCurrentProcess IsProcessInJob 17518->17519 17524 7ff77c3221e4 17518->17524 17521 7ff77c3220fc 17519->17521 17522 7ff77c3221a3 17519->17522 17520 7ff77c322232 GlobalMemoryStatusEx 17525 7ff77c322228 17520->17525 17521->17522 17526 7ff77c322106 QueryInformationJobObject 17521->17526 17523 7ff77c3221bb GlobalMemoryStatusEx 17522->17523 17522->17524 17523->17524 17524->17520 17524->17525 17528 7ff77c378e50 8 API calls 17525->17528 17526->17522 17527 7ff77c322128 17526->17527 17527->17522 17529 7ff77c32216c GlobalMemoryStatusEx 17527->17529 17530 7ff77c322274 17528->17530 17529->17522 17530->17479 17582 7ff77c322700 VirtualAlloc 17531->17582 17533 7ff77c33f472 17534 7ff77c33f4d7 17533->17534 17658 7ff77c3224a0 InitializeCriticalSection 17533->17658 17535 7ff77c33f8cd 17534->17535 17585 7ff77c350220 17534->17585 17538 7ff77c33f501 _swprintf_c_l 17553 7ff77c33f743 17538->17553 17595 7ff77c33f150 17538->17595 17540 7ff77c33f6d8 17599 7ff77c33cc20 17540->17599 17544 7ff77c33f712 17544->17553 17606 7ff77c33f8f0 17544->17606 17547 7ff77c33f738 17659 7ff77c3227f0 VirtualFree 17547->17659 17549 7ff77c33f767 17549->17553 17620 7ff77c352eb0 17549->17620 17553->17481 17555 7ff77c378e70 _swprintf_c_l 3 API calls 17554->17555 17556 7ff77c321ce6 17555->17556 17557 7ff77c321cee CreateEventW 17556->17557 17558 7ff77c321d10 ISource 17556->17558 17557->17558 17558->17485 17560 7ff77c33dcba _swprintf_c_l 17559->17560 17561 7ff77c321cc0 4 API calls 17560->17561 17562 7ff77c33dcc8 17561->17562 17581 7ff77c33e527 17562->17581 17700 7ff77c322690 QueryPerformanceCounter 17562->17700 17565 7ff77c33dce6 17566 7ff77c33e056 17565->17566 17565->17581 17701 7ff77c341470 17565->17701 17567 7ff77c341470 9 API calls 17566->17567 17568 7ff77c33e089 17567->17568 17569 7ff77c341470 9 API calls 17568->17569 17568->17581 17570 7ff77c33e0c8 17569->17570 17571 7ff77c378e70 _swprintf_c_l 3 API calls 17570->17571 17570->17581 17572 7ff77c33e391 17571->17572 17573 7ff77c33e3dd 17572->17573 17574 7ff77c33e3f4 17572->17574 17572->17581 17576 7ff77c33e3ea DebugBreak 17573->17576 17573->17581 17575 7ff77c378e70 _swprintf_c_l 3 API calls 17574->17575 17577 7ff77c33e440 17575->17577 17576->17581 17578 7ff77c378e70 _swprintf_c_l 3 API calls 17577->17578 17577->17581 17579 7ff77c33e4cd 17578->17579 17579->17581 17715 7ff77c3224a0 InitializeCriticalSection 17579->17715 17581->17487 17583 7ff77c322739 17582->17583 17584 7ff77c322721 VirtualFree 17582->17584 17583->17533 17584->17533 17586 7ff77c35024f 17585->17586 17587 7ff77c35027c 17586->17587 17588 7ff77c350272 17586->17588 17593 7ff77c3502a7 17586->17593 17589 7ff77c322810 3 API calls 17587->17589 17660 7ff77c322890 17588->17660 17591 7ff77c35028d 17589->17591 17591->17593 17671 7ff77c3227f0 VirtualFree 17591->17671 17593->17538 17597 7ff77c33f16f 17595->17597 17598 7ff77c33f18c 17597->17598 17672 7ff77c321d80 17597->17672 17598->17540 17600 7ff77c33cc42 17599->17600 17601 7ff77c378e50 8 API calls 17600->17601 17602 7ff77c33cd63 17601->17602 17603 7ff77c322810 17602->17603 17604 7ff77c322854 GetCurrentProcess VirtualAllocExNuma 17603->17604 17605 7ff77c322835 VirtualAlloc 17603->17605 17604->17544 17605->17604 17610 7ff77c33f91e 17606->17610 17607 7ff77c33f928 17608 7ff77c378e50 8 API calls 17607->17608 17609 7ff77c33f734 17608->17609 17609->17547 17609->17549 17610->17607 17611 7ff77c33fcd3 EnterCriticalSection 17610->17611 17612 7ff77c33fd00 LeaveCriticalSection 17610->17612 17614 7ff77c33fdf1 LeaveCriticalSection 17610->17614 17615 7ff77c33fdc7 17610->17615 17679 7ff77c322740 17610->17679 17611->17610 17611->17612 17612->17610 17617 7ff77c33fdfd 17614->17617 17616 7ff77c33fdd0 EnterCriticalSection 17615->17616 17615->17617 17616->17614 17617->17607 17619 7ff77c33fe35 EnterCriticalSection LeaveCriticalSection 17617->17619 17682 7ff77c3227d0 VirtualFree 17617->17682 17619->17617 17683 7ff77c352dc0 17620->17683 17623 7ff77c33eb10 17624 7ff77c33eb40 17623->17624 17631 7ff77c321cc0 4 API calls 17624->17631 17656 7ff77c33eb9f 17624->17656 17625 7ff77c33f12d 17627 7ff77c33f142 17625->17627 17628 7ff77c33f136 17625->17628 17626 7ff77c33f121 17698 7ff77c321c20 CloseHandle 17626->17698 17627->17553 17699 7ff77c321c20 CloseHandle 17628->17699 17632 7ff77c33ebdf 17631->17632 17633 7ff77c321cc0 4 API calls 17632->17633 17632->17656 17634 7ff77c33ebf5 _swprintf_c_l 17633->17634 17635 7ff77c321e90 10 API calls 17634->17635 17634->17656 17636 7ff77c33ef1a 17635->17636 17637 7ff77c321cc0 4 API calls 17636->17637 17638 7ff77c33ef97 17637->17638 17639 7ff77c33efd9 17638->17639 17642 7ff77c321cc0 4 API calls 17638->17642 17640 7ff77c33f0d9 17639->17640 17641 7ff77c33f0cd 17639->17641 17639->17656 17644 7ff77c33f0ee 17640->17644 17645 7ff77c33f0e2 17640->17645 17694 7ff77c321c20 CloseHandle 17641->17694 17646 7ff77c33efad 17642->17646 17648 7ff77c33f0f7 17644->17648 17649 7ff77c33f103 17644->17649 17695 7ff77c321c20 CloseHandle 17645->17695 17646->17639 17689 7ff77c321c40 17646->17689 17696 7ff77c321c20 CloseHandle 17648->17696 17651 7ff77c33f10c 17649->17651 17649->17656 17697 7ff77c321c20 CloseHandle 17651->17697 17654 7ff77c33efc3 17654->17639 17655 7ff77c321cc0 4 API calls 17654->17655 17655->17639 17656->17625 17656->17626 17657 7ff77c33f087 17656->17657 17657->17553 17658->17534 17659->17553 17661 7ff77c3228be LookupPrivilegeValueW 17660->17661 17662 7ff77c322956 GetLargePageMinimum 17660->17662 17663 7ff77c3228da GetCurrentProcess OpenProcessToken 17661->17663 17664 7ff77c32298f 17661->17664 17665 7ff77c322993 GetCurrentProcess VirtualAllocExNuma 17662->17665 17666 7ff77c322976 VirtualAlloc 17662->17666 17663->17664 17667 7ff77c322911 AdjustTokenPrivileges GetLastError CloseHandle 17663->17667 17668 7ff77c378e50 8 API calls 17664->17668 17665->17664 17666->17664 17667->17664 17669 7ff77c32294b 17667->17669 17670 7ff77c3229c6 17668->17670 17669->17662 17669->17664 17670->17591 17671->17593 17673 7ff77c321d88 17672->17673 17674 7ff77c321dcd ISource 17673->17674 17675 7ff77c321da1 GetLogicalProcessorInformation 17673->17675 17674->17598 17676 7ff77c321dc2 GetLastError 17675->17676 17677 7ff77c321dd4 17675->17677 17676->17674 17676->17677 17677->17674 17678 7ff77c321e11 GetLogicalProcessorInformation 17677->17678 17678->17674 17680 7ff77c32275b VirtualAlloc 17679->17680 17681 7ff77c32277e GetCurrentProcess VirtualAllocExNuma 17679->17681 17680->17610 17681->17610 17682->17617 17684 7ff77c352dd9 17683->17684 17688 7ff77c33f8ac 17683->17688 17685 7ff77c352df4 LoadLibraryExW 17684->17685 17684->17688 17686 7ff77c352e22 GetProcAddress 17685->17686 17685->17688 17687 7ff77c352e37 17686->17687 17687->17688 17688->17623 17690 7ff77c378e70 _swprintf_c_l 3 API calls 17689->17690 17691 7ff77c321c66 17690->17691 17692 7ff77c321c6e CreateEventW 17691->17692 17693 7ff77c321c8e ISource 17691->17693 17692->17693 17693->17654 17694->17640 17695->17644 17696->17649 17697->17656 17698->17625 17699->17627 17700->17565 17704 7ff77c34149d 17701->17704 17702 7ff77c341577 17707 7ff77c3415d1 17702->17707 17711 7ff77c322740 3 API calls 17702->17711 17703 7ff77c3414f3 EnterCriticalSection 17706 7ff77c341510 17703->17706 17704->17702 17704->17703 17705 7ff77c3415c1 LeaveCriticalSection 17708 7ff77c3415cd 17705->17708 17706->17705 17710 7ff77c341555 LeaveCriticalSection 17706->17710 17716 7ff77c33e5b0 17707->17716 17708->17565 17710->17702 17712 7ff77c34159d 17711->17712 17712->17707 17713 7ff77c3415a1 17712->17713 17713->17708 17714 7ff77c3415ab EnterCriticalSection 17713->17714 17714->17705 17715->17581 17718 7ff77c33e5e1 17716->17718 17717 7ff77c33e775 17717->17708 17718->17717 17719 7ff77c33e75f DebugBreak 17718->17719 17720 7ff77c33e764 17718->17720 17719->17720 17720->17717 17721 7ff77c33e770 DebugBreak 17720->17721 17721->17717 17722->17492 17724 7ff77c31b15f 17723->17724 17725 7ff77c31b165 SetThreadPriority ResumeThread FindCloseChangeNotification 17723->17725 17724->17494 17725->17494 17727 7ff77c324193 _swprintf_c_l 17726->17727 17731 7ff77c3241b9 ISource _swprintf_c_l 17727->17731 17735 7ff77c325110 17727->17735 17729 7ff77c3241b0 17730 7ff77c31b220 InitializeCriticalSectionEx 17729->17730 17729->17731 17730->17731 17731->17501 17731->17731 17733 7ff77c31b200 DeleteCriticalSection 17732->17733 17734 7ff77c324402 17733->17734 17736 7ff77c322810 3 API calls 17735->17736 17737 7ff77c325132 17736->17737 17738 7ff77c32513a 17737->17738 17739 7ff77c322740 3 API calls 17737->17739 17738->17729 17740 7ff77c325158 17739->17740 17743 7ff77c325163 _swprintf_c_l 17740->17743 17744 7ff77c3227f0 VirtualFree 17740->17744 17742 7ff77c32527e 17742->17729 17743->17729 17744->17742 17746 7ff77c31affe GetProcAddress 17745->17746 17747 7ff77c31b013 17745->17747 17746->17747 17747->17307 17749 7ff77c31afae GetProcAddress 17748->17749 17750 7ff77c31afc3 17748->17750 17749->17750 17750->17309 17828 7ff77c312310 17830 7ff77c312320 17828->17830 17829 7ff77c312359 17830->17829 17831 7ff77c3125d0 17 API calls 17830->17831 17832 7ff77c3cc971 17831->17832 17833 7ff77c328412 17834 7ff77c328418 17833->17834 17857 7ff77c339230 17834->17857 17837 7ff77c328454 17861 7ff77c322690 QueryPerformanceCounter 17837->17861 17840 7ff77c328472 17862 7ff77c31a2e0 17840->17862 17842 7ff77c3285b5 17850 7ff77c3284d5 17842->17850 17878 7ff77c339f60 17842->17878 17846 7ff77c3285fa 17847 7ff77c33d760 11 API calls 17846->17847 17846->17850 17847->17850 17848 7ff77c3287e0 17849 7ff77c339230 SwitchToThread 17848->17849 17852 7ff77c3287eb 17849->17852 17850->17848 17854 7ff77c328764 17850->17854 17899 7ff77c322690 QueryPerformanceCounter 17850->17899 17856 7ff77c32880e 17852->17856 17908 7ff77c3226e0 SetEvent 17852->17908 17900 7ff77c319f80 17854->17900 17858 7ff77c328436 17857->17858 17859 7ff77c33924f 17857->17859 17858->17837 17872 7ff77c3226d0 ResetEvent 17858->17872 17859->17858 17860 7ff77c339291 SwitchToThread 17859->17860 17860->17859 17861->17840 17863 7ff77c31a2f5 17862->17863 17867 7ff77c31a358 17863->17867 17917 7ff77c31ac10 EventEnabled 17863->17917 17865 7ff77c31a32f 17865->17867 17918 7ff77c31a4a0 EventWrite 17865->17918 17909 7ff77c314fa0 17867->17909 17870 7ff77c31a3ac 17870->17842 17870->17850 17873 7ff77c339460 17870->17873 17877 7ff77c339480 17873->17877 17874 7ff77c33d760 11 API calls 17874->17877 17875 7ff77c3394ea 17875->17842 17877->17874 17877->17875 17936 7ff77c33d010 17877->17936 17882 7ff77c339f75 17878->17882 17879 7ff77c33a05d 17880 7ff77c32d020 24 API calls 17879->17880 17885 7ff77c33a06f 17880->17885 17881 7ff77c33a074 17883 7ff77c33e5b0 2 API calls 17881->17883 17882->17879 17882->17881 17896 7ff77c339f79 17882->17896 17884 7ff77c33a09a 17883->17884 17884->17885 17886 7ff77c33a0b1 EnterCriticalSection LeaveCriticalSection 17884->17886 17887 7ff77c333d20 7 API calls 17885->17887 17890 7ff77c33a110 17885->17890 17885->17896 17886->17885 17888 7ff77c33a0f6 17887->17888 17888->17890 17891 7ff77c33a0fa 17888->17891 17889 7ff77c33a1b8 DebugBreak 17892 7ff77c33a1c7 17889->17892 17890->17889 17893 7ff77c33a17b DebugBreak 17890->17893 17895 7ff77c33a198 DebugBreak 17890->17895 17897 7ff77c33a1af 17890->17897 17894 7ff77c3364a0 5 API calls 17891->17894 17892->17896 17898 7ff77c33a1db DebugBreak 17892->17898 17893->17890 17894->17896 17895->17890 17896->17846 17897->17889 17897->17892 17898->17896 17899->17854 17901 7ff77c319f8d 17900->17901 17905 7ff77c319fbf 17900->17905 18021 7ff77c31ac10 EventEnabled 17901->18021 17903 7ff77c319fa0 17903->17905 18022 7ff77c31a450 EventWrite 17903->18022 17906 7ff77c31a00e 17905->17906 18025 7ff77c31ac10 EventEnabled 17905->18025 17906->17848 17910 7ff77c314fdf 17909->17910 17911 7ff77c315004 FlushProcessWriteBuffers 17910->17911 17913 7ff77c315030 17911->17913 17912 7ff77c315103 17912->17870 17921 7ff77c31ac10 EventEnabled 17912->17921 17913->17912 17914 7ff77c315069 17913->17914 17915 7ff77c31509e SwitchToThread 17913->17915 17914->17913 17922 7ff77c315d00 17914->17922 17915->17913 17917->17865 17919 7ff77c378e50 8 API calls 17918->17919 17920 7ff77c31a50a 17919->17920 17920->17867 17921->17870 17923 7ff77c315d27 17922->17923 17924 7ff77c315d07 17922->17924 17923->17914 17924->17923 17925 7ff77c31ad32 LoadLibraryExW GetProcAddress 17924->17925 17933 7ff77c31ad5e 17924->17933 17925->17933 17926 7ff77c31adba SuspendThread 17927 7ff77c31ae08 17926->17927 17928 7ff77c31adc8 GetThreadContext 17926->17928 17931 7ff77c378e50 8 API calls 17927->17931 17929 7ff77c31adff ResumeThread 17928->17929 17930 7ff77c31ade2 17928->17930 17929->17927 17930->17929 17932 7ff77c31ae18 17931->17932 17932->17914 17933->17926 17933->17927 17934 7ff77c31ada4 GetLastError 17933->17934 17934->17927 17935 7ff77c31adaf 17934->17935 17935->17926 17946 7ff77c33ceb0 17936->17946 17938 7ff77c33d021 17939 7ff77c33d106 DebugBreak 17938->17939 17941 7ff77c33d0c9 DebugBreak 17938->17941 17942 7ff77c33d0e6 DebugBreak 17938->17942 17943 7ff77c33d138 17938->17943 17945 7ff77c33d0fd 17938->17945 17940 7ff77c33d115 17939->17940 17940->17943 17944 7ff77c33d129 DebugBreak 17940->17944 17941->17938 17942->17938 17943->17877 17944->17943 17945->17939 17945->17940 17949 7ff77c33ced2 17946->17949 17947 7ff77c33cf25 17957 7ff77c32d020 17947->17957 17949->17947 17950 7ff77c33cf40 17949->17950 17952 7ff77c33e5b0 2 API calls 17950->17952 17951 7ff77c33cf38 17953 7ff77c33cff5 17951->17953 17964 7ff77c33f360 17951->17964 17955 7ff77c33cf62 17952->17955 17953->17938 17955->17951 17956 7ff77c33cfb2 EnterCriticalSection LeaveCriticalSection 17955->17956 17956->17951 17959 7ff77c32d049 17957->17959 17959->17959 17960 7ff77c32d177 17959->17960 17983 7ff77c344a40 17959->17983 17961 7ff77c32d2ff 17960->17961 17962 7ff77c341470 9 API calls 17960->17962 17961->17951 17963 7ff77c32d326 17962->17963 17963->17951 17965 7ff77c33f379 17964->17965 17967 7ff77c33f415 17964->17967 17987 7ff77c333d20 17965->17987 17967->17953 17968 7ff77c33f3fb 17969 7ff77c3364a0 5 API calls 17968->17969 17971 7ff77c33f408 17969->17971 17971->17953 17972 7ff77c33f39c 17973 7ff77c33f3de 17972->17973 17974 7ff77c33f3a1 17972->17974 17977 7ff77c3364a0 5 API calls 17973->17977 17975 7ff77c33f3c1 17974->17975 17976 7ff77c33f3a6 17974->17976 17979 7ff77c3364a0 5 API calls 17975->17979 17993 7ff77c3364a0 17976->17993 17980 7ff77c33f3ee 17977->17980 17982 7ff77c33f3d1 17979->17982 17980->17953 17981 7ff77c33f3b4 17981->17953 17982->17953 17984 7ff77c344aa4 17983->17984 17986 7ff77c344a59 17983->17986 17984->17960 17985 7ff77c33f8f0 18 API calls 17985->17986 17986->17984 17986->17985 17988 7ff77c333d60 17987->17988 17992 7ff77c333de4 17987->17992 17988->17992 18001 7ff77c333c20 17988->18001 17990 7ff77c333d9f 17991 7ff77c333c20 7 API calls 17990->17991 17990->17992 17991->17992 17992->17967 17992->17968 17992->17972 17994 7ff77c3364d7 17993->17994 17996 7ff77c3364f9 _swprintf_c_l 17994->17996 18012 7ff77c350440 17994->18012 17997 7ff77c3365e0 17996->17997 18019 7ff77c3227d0 VirtualFree 17996->18019 17997->17981 17999 7ff77c3365a5 17999->17997 18000 7ff77c3365b3 EnterCriticalSection LeaveCriticalSection 17999->18000 18000->17997 18002 7ff77c333cb1 18001->18002 18003 7ff77c333c63 EnterCriticalSection 18001->18003 18006 7ff77c322740 3 API calls 18002->18006 18004 7ff77c333c8d LeaveCriticalSection 18003->18004 18005 7ff77c333c80 18003->18005 18004->18002 18005->18004 18007 7ff77c333cf1 LeaveCriticalSection 18005->18007 18010 7ff77c333cc2 18006->18010 18008 7ff77c333cfd 18007->18008 18008->17990 18009 7ff77c333d0a 18009->17990 18010->18008 18010->18009 18011 7ff77c333cd0 EnterCriticalSection 18010->18011 18011->18007 18020 7ff77c3227d0 VirtualFree 18012->18020 18014 7ff77c35045a 18015 7ff77c3504a4 18014->18015 18016 7ff77c35046b EnterCriticalSection 18014->18016 18015->17996 18017 7ff77c35048e 18016->18017 18018 7ff77c350495 LeaveCriticalSection 18016->18018 18017->18018 18018->18015 18019->17999 18020->18014 18021->17903 18023 7ff77c378e50 8 API calls 18022->18023 18024 7ff77c31a499 18023->18024 18024->17905 18025->17906 17751 7ff77c340560 17752 7ff77c34059d 17751->17752 17754 7ff77c3405c7 17751->17754 17753 7ff77c321e90 10 API calls 17752->17753 17753->17754 18026 7ff77c31a5b1 18027 7ff77c31a584 18026->18027 18028 7ff77c31a5c3 18026->18028 18030 7ff77c32725e 61 API calls 18028->18030 18032 7ff77c3273e1 18028->18032 18029 7ff77c31a5e4 18030->18029 18033 7ff77c3273c0 18032->18033 18034 7ff77c3272a9 18033->18034 18035 7ff77c329c50 3 API calls 18033->18035 18034->18029 18035->18034

                                              Executed Functions

                                              Function 00007FF77C3224C0 Relevance: 10.6, APIs: 7, Instructions: 120COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C3224CF
                                              • GetNumaHighestNodeNumber.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C32250D
                                              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C322539
                                              • GetProcessGroupAffinity.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C32254A
                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C322559
                                              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C3225F0
                                              • GetProcessAffinityMask.KERNEL32 ref: 00007FF77C322603
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Process$AffinityCurrent$ErrorGroupHighestInfoLastMaskNodeNumaNumberSystem
                                              • String ID:
                                              • API String ID: 580471860-0
                                              • Opcode ID: 7ecf9e13a330afa06f8beef30d834f864ee4498cc9ed1855e1d3942379770bb5
                                              • Instruction ID: f71f1cff1adbe2cd3f46e3cdb723099231100c8ebbbe650d73ce92a19707e3a8
                                              • Opcode Fuzzy Hash: 7ecf9e13a330afa06f8beef30d834f864ee4498cc9ed1855e1d3942379770bb5
                                              • Instruction Fuzzy Hash: FA518A33A3CA4686EB00AF19A9449A9E3A1EF4CB94FD44135D94D473A5EE3EE405C721
                                              Function 00007FF77C3155C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                                • Part of subcall function 00007FF77C31AE30: FlsAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C3155CB), ref: 00007FF77C31AE3B
                                                • Part of subcall function 00007FF77C31AE30: QueryInformationJobObject.KERNEL32 ref: 00007FF77C31AF0E
                                                • Part of subcall function 00007FF77C31ACD0: GetModuleHandleExW.KERNEL32(?,?,?,?,00007FF77C313699), ref: 00007FF77C31ACE1
                                              • RtlAddVectoredExceptionHandler.NTDLL ref: 00007FF77C315638
                                                • Part of subcall function 00007FF77C31D5C0: _wcsicmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF77C31D6BD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocExceptionHandleHandlerInformationModuleObjectQueryVectored_wcsicmp
                                              • String ID: StressLogLevel$TotalStressLogSize
                                              • API String ID: 2876344857-4058818204
                                              • Opcode ID: 45dc59bb53227d1381efa592a7d616e654f0d65a7567b6ffba862109cea427b1
                                              • Instruction ID: 378b18ae7e42e85efe3ef1790e28cb42d06affeace502581cac4ad81cc2619e6
                                              • Opcode Fuzzy Hash: 45dc59bb53227d1381efa592a7d616e654f0d65a7567b6ffba862109cea427b1
                                              • Instruction Fuzzy Hash: 76419433938E468BEB40BF24A0419B9E391AF8D788F841879ED4D17696DF2CE505C762
                                              Function 00007FF77C328F50 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 375 7ff77c328f50-7ff77c328f7e call 7ff77c31de30 call 7ff77c3226b0 380 7ff77c328f87-7ff77c328f95 375->380 381 7ff77c328f80-7ff77c328f85 375->381 382 7ff77c328f99-7ff77c328fe7 call 7ff77c319b20 call 7ff77c322280 call 7ff77c323690 380->382 381->382 389 7ff77c328ff9-7ff77c329000 call 7ff77c322070 382->389 390 7ff77c328fe9-7ff77c328ff7 382->390 393 7ff77c329005 389->393 391 7ff77c32900c-7ff77c329088 call 7ff77c3235a0 call 7ff77c323600 call 7ff77c3235b0 call 7ff77c3235d0 call 7ff77c323630 390->391 404 7ff77c32918e-7ff77c329198 391->404 405 7ff77c32908e-7ff77c329095 391->405 393->391 406 7ff77c32963d-7ff77c329653 404->406 408 7ff77c32919e-7ff77c3291a5 404->408 405->406 407 7ff77c32909b-7ff77c3290a2 405->407 407->406 409 7ff77c3290a8-7ff77c3290c2 call 7ff77c323610 call 7ff77c3235c0 call 7ff77c3235e0 407->409 410 7ff77c3291a9-7ff77c3291ac 408->410 432 7ff77c3290ef-7ff77c3290f5 409->432 433 7ff77c3290c4-7ff77c3290c6 409->433 412 7ff77c3291b3-7ff77c3291b6 410->412 414 7ff77c3291ca-7ff77c3291cd 412->414 415 7ff77c3291b8-7ff77c3291bb 412->415 418 7ff77c3291cf-7ff77c3291e1 call 7ff77c3235f0 414->418 419 7ff77c329246 414->419 415->414 417 7ff77c3291bd-7ff77c3291c4 415->417 417->406 417->414 427 7ff77c329205 418->427 428 7ff77c3291e3-7ff77c329203 418->428 421 7ff77c32924d-7ff77c329250 419->421 424 7ff77c329272-7ff77c32928d call 7ff77c323670 421->424 425 7ff77c329252-7ff77c329259 421->425 439 7ff77c3292e1-7ff77c3292f9 call 7ff77c323d60 call 7ff77c323d80 424->439 440 7ff77c32928f-7ff77c329299 424->440 425->424 429 7ff77c32925b-7ff77c329271 425->429 434 7ff77c32920c-7ff77c32920f 427->434 428->434 432->406 437 7ff77c3290fb-7ff77c329101 432->437 433->406 436 7ff77c3290cc-7ff77c3290cf 433->436 434->419 438 7ff77c329211-7ff77c329218 434->438 436->406 441 7ff77c3290d5-7ff77c3290ea 436->441 437->406 442 7ff77c329107-7ff77c32910b 437->442 438->425 443 7ff77c32921a-7ff77c329244 438->443 456 7ff77c3292fb-7ff77c329306 call 7ff77c323710 439->456 457 7ff77c32934c-7ff77c329366 call 7ff77c323710 439->457 445 7ff77c32929b-7ff77c3292a2 440->445 446 7ff77c3292b3-7ff77c3292ca 440->446 441->412 442->406 449 7ff77c329111-7ff77c32911a 442->449 443->421 447 7ff77c3292ce-7ff77c3292da 445->447 448 7ff77c3292a4-7ff77c3292a6 445->448 446->447 447->439 451 7ff77c3292a8-7ff77c3292ab 448->451 452 7ff77c3292ad-7ff77c3292b1 448->452 449->406 453 7ff77c329120-7ff77c32918c 449->453 451->447 452->447 453->410 462 7ff77c329308-7ff77c329310 call 7ff77c32b720 456->462 463 7ff77c329313-7ff77c329338 call 7ff77c32b6d0 456->463 468 7ff77c329368-7ff77c329378 457->468 469 7ff77c32937c-7ff77c329388 457->469 462->463 471 7ff77c329399-7ff77c3293c9 call 7ff77c323d70 call 7ff77c323560 call 7ff77c323680 463->471 472 7ff77c32933a-7ff77c32934a call 7ff77c32b6d0 463->472 468->469 473 7ff77c32938a-7ff77c32938f 469->473 474 7ff77c329391-7ff77c329396 469->474 483 7ff77c3293e7-7ff77c3293f1 471->483 484 7ff77c3293cb-7ff77c3293e6 471->484 472->471 473->471 474->471 485 7ff77c32941d-7ff77c329424 483->485 486 7ff77c3293f3-7ff77c3293ff 483->486 489 7ff77c32942a-7ff77c329431 485->489 490 7ff77c329633 485->490 487 7ff77c329401-7ff77c329404 486->487 488 7ff77c329406-7ff77c32941b 486->488 487->489 488->489 489->490 491 7ff77c329437-7ff77c329457 call 7ff77c33f450 489->491 490->406 493 7ff77c32945c-7ff77c329490 call 7ff77c323d20 call 7ff77c323d50 call 7ff77c323d30 call 7ff77c323d40 491->493 502 7ff77c329625 493->502 503 7ff77c329496-7ff77c3294cd call 7ff77c323620 493->503 506 7ff77c32962c 502->506 507 7ff77c3294ee-7ff77c329504 503->507 508 7ff77c3294cf-7ff77c3294ec 503->508 506->490 510 7ff77c329532-7ff77c32953c 507->510 511 7ff77c329506-7ff77c329530 507->511 509 7ff77c32953e-7ff77c329551 508->509 512 7ff77c32955e 509->512 513 7ff77c329553-7ff77c32955c 509->513 510->509 511->510 514 7ff77c329564-7ff77c329595 call 7ff77c323660 call 7ff77c378e70 512->514 513->514 514->506 519 7ff77c32959b-7ff77c3295ad call 7ff77c321c00 514->519 519->490 522 7ff77c3295b3-7ff77c3295bf call 7ff77c321cc0 519->522 525 7ff77c3295d7-7ff77c32960a call 7ff77c33dc30 522->525 526 7ff77c3295c1-7ff77c3295cd call 7ff77c314a30 522->526 531 7ff77c32960c call 7ff77c378dac 525->531 532 7ff77c329611-7ff77c329614 525->532 526->525 531->532 532->502 534 7ff77c329616-7ff77c329620 call 7ff77c3528b0 call 7ff77c314a30 532->534 534->502
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: GlobalMemoryProcessQueryStatus$CurrentFrequencyInformationObjectPerformance
                                              • String ID: Creation of WaitForGCEvent failed$TraceGC is not turned on
                                              • API String ID: 133006248-518909315
                                              • Opcode ID: 542490f3281f9ec5935c23756829aefb1db30947c7d8b3d75492c27f59141b81
                                              • Instruction ID: 885965ccfa5d9e9e14f1f3d748bed3f06a27ad14b3f688aad6206e688efca9da
                                              • Opcode Fuzzy Hash: 542490f3281f9ec5935c23756829aefb1db30947c7d8b3d75492c27f59141b81
                                              • Instruction Fuzzy Hash: 9A028E23E3D70782FF54FB11A869A74A2D5AF4C790FE4493DD90E477A1EE2DA4408321
                                              Function 00007FF77C33C160 Relevance: .7, Instructions: 694COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c7a140566dae9a4fba68076e8192626d085c825284fdfb18a21c1693e6838f9
                                              • Instruction ID: c81ac99f2fe4caba7de7a857e3d24c9879b903a387a8485a6824441163b5261f
                                              • Opcode Fuzzy Hash: 2c7a140566dae9a4fba68076e8192626d085c825284fdfb18a21c1693e6838f9
                                              • Instruction Fuzzy Hash: B462C163A3874686FB25AB25A455B39F791BF4C780FE08739D90E53251EF3DE880C621
                                              Function 00007FF77C340560 Relevance: .4, Instructions: 398COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CurrentProcess
                                              • String ID:
                                              • API String ID: 2050909247-0
                                              • Opcode ID: 604403f3aac9de18e02c808f39cfdf9296956c65b9ee2d11eb55e13a3e953c9f
                                              • Instruction ID: 49c613f5ba7180e1417901cf45b703d51e27f0676786c451a810d9b2f4400a60
                                              • Opcode Fuzzy Hash: 604403f3aac9de18e02c808f39cfdf9296956c65b9ee2d11eb55e13a3e953c9f
                                              • Instruction Fuzzy Hash: 1902A473F3864687FB15EB25A895A34F791AF4C744FA48A39C40D5B260DF3EB580C621
                                              Function 00007FF77C33EB10 Relevance: .3, Instructions: 332COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4758fcd36253205b66e6ee8f40eaefffe5d4d9abfaad721640ae2f4df7b9cc35
                                              • Instruction ID: 3eeda2e0687275014282e1d6b963e5ad02a08c731a9febd1d7f2ff7a922d1191
                                              • Opcode Fuzzy Hash: 4758fcd36253205b66e6ee8f40eaefffe5d4d9abfaad721640ae2f4df7b9cc35
                                              • Instruction Fuzzy Hash: 3EF19223D3DB4287FB42FB24AD55674E365AF5D384FE48739D40D112A2EF2EB5908221
                                              Function 00007FF77C322070 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 107COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: GlobalMemoryStatus$Process$CurrentInformationObjectQuery
                                              • String ID: @$@$@
                                              • API String ID: 2645093340-1177533131
                                              • Opcode ID: f97ad304849a1431e4f3e87175d7cbd2d95d287c41a756e0b52c30f8d3b71cfe
                                              • Instruction ID: f1753e4a923974e1deb67bb2a43ba261f49513cbefa5209e9c9d367b62b184fc
                                              • Opcode Fuzzy Hash: f97ad304849a1431e4f3e87175d7cbd2d95d287c41a756e0b52c30f8d3b71cfe
                                              • Instruction Fuzzy Hash: 37514032729BC185EB719F11E940BAAB3A0FB88B60F844135CA9D57B98DF3DE4458B11
                                              Function 00007FF77C31AE30 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              • FlsAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C3155CB), ref: 00007FF77C31AE3B
                                                • Part of subcall function 00007FF77C3224C0: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C3224CF
                                                • Part of subcall function 00007FF77C3224C0: GetNumaHighestNodeNumber.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C32250D
                                                • Part of subcall function 00007FF77C3224C0: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C322539
                                                • Part of subcall function 00007FF77C3224C0: GetProcessGroupAffinity.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C32254A
                                                • Part of subcall function 00007FF77C3224C0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C31AE5A), ref: 00007FF77C322559
                                                • Part of subcall function 00007FF77C31D5C0: _wcsicmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF77C31D6BD
                                              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C3155CB), ref: 00007FF77C31AEAA
                                              • GetProcessAffinityMask.KERNEL32 ref: 00007FF77C31AEBD
                                              • QueryInformationJobObject.KERNEL32 ref: 00007FF77C31AF0E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Process$AffinityCurrent$AllocErrorGroupHighestInfoInformationLastMaskNodeNumaNumberObjectQuerySystem_wcsicmp
                                              • String ID: PROCESSOR_COUNT
                                              • API String ID: 296690692-4048346908
                                              • Opcode ID: b270e94377580d3288a1bcf3e941d1207372f9dfc2ea9df1a3f3ba46b40a03d9
                                              • Instruction ID: 0b067643d8fc2d0aed2286813e713b40cacf1ea15d94f79e0132027237254795
                                              • Opcode Fuzzy Hash: b270e94377580d3288a1bcf3e941d1207372f9dfc2ea9df1a3f3ba46b40a03d9
                                              • Instruction Fuzzy Hash: F7318E73A38A438AEB54BB54D880AB9F3A0EF48755FD00439D65D43695DE2CE8498732
                                              Function 00007FF77C316480 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88sleepCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              • Fatal error. Invalid Program: attempted to call a UnmanagedCallersOnly method from managed code., xrefs: 00007FF77C316586
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExceptionFailFastRaise$Sleep
                                              • String ID: Fatal error. Invalid Program: attempted to call a UnmanagedCallersOnly method from managed code.
                                              • API String ID: 3706814929-926682358
                                              • Opcode ID: fec1ccdd5174ac2505eae89ee321da76851430eb507b79bb22477138be6a87ff
                                              • Instruction ID: b06696c52aed55362b113c3730be1804d492e569b76a9a8d6c060d733eb1993a
                                              • Opcode Fuzzy Hash: fec1ccdd5174ac2505eae89ee321da76851430eb507b79bb22477138be6a87ff
                                              • Instruction Fuzzy Hash: CE416A33A39A068BEB90EF55E454B69B3A0EB4CB88F944839DA4D43394DF3DE450C721
                                              Function 00007FF77C31B130 Relevance: 6.0, APIs: 4, Instructions: 26threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Thread$ChangeCloseCreateFindNotificationPriorityResume
                                              • String ID:
                                              • API String ID: 2150560229-0
                                              • Opcode ID: 797a42ad1a02e68e8dda0a1c160f46f9bccc89019008f5d8015a25128a62028d
                                              • Instruction ID: b1b25d81038c806a689368a15a375bc45c1e264171bea015eb6db12cba791fa2
                                              • Opcode Fuzzy Hash: 797a42ad1a02e68e8dda0a1c160f46f9bccc89019008f5d8015a25128a62028d
                                              • Instruction Fuzzy Hash: 6CE065A6A3570282EF14BB22B81433597906F9CB99F884434CE4E06360DF3C91854610
                                              Function 00007FF77C321E90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 119 7ff77c321e90-7ff77c321ec1 120 7ff77c321ec7-7ff77c321ee2 GetCurrentProcess call 7ff77c378a6f 119->120 121 7ff77c321f7f-7ff77c321f9c GlobalMemoryStatusEx 119->121 120->121 130 7ff77c321ee8-7ff77c321ef0 120->130 122 7ff77c322022-7ff77c322025 121->122 123 7ff77c321fa2-7ff77c321fa5 121->123 128 7ff77c322027-7ff77c32202b 122->128 129 7ff77c32202e-7ff77c322031 122->129 126 7ff77c321fa7-7ff77c321fb2 123->126 127 7ff77c322011-7ff77c322014 123->127 131 7ff77c321fbb-7ff77c321fcc 126->131 132 7ff77c321fb4-7ff77c321fb9 126->132 133 7ff77c322019-7ff77c32201c 127->133 134 7ff77c322016 127->134 128->129 135 7ff77c32203b-7ff77c32203e 129->135 136 7ff77c322033-7ff77c322038 129->136 139 7ff77c321f5a-7ff77c321f5f 130->139 140 7ff77c321ef2-7ff77c321ef8 130->140 141 7ff77c321fd0-7ff77c321fe1 131->141 132->141 137 7ff77c322048-7ff77c32206b call 7ff77c378e50 133->137 142 7ff77c32201e-7ff77c322020 133->142 134->133 135->137 138 7ff77c322040 135->138 136->135 143 7ff77c322045 138->143 149 7ff77c321f71-7ff77c321f74 139->149 150 7ff77c321f61-7ff77c321f64 139->150 144 7ff77c321efa-7ff77c321eff 140->144 145 7ff77c321f01-7ff77c321f15 140->145 147 7ff77c321fea-7ff77c321ffe 141->147 148 7ff77c321fe3-7ff77c321fe8 141->148 142->143 143->137 151 7ff77c321f19-7ff77c321f2a 144->151 145->151 153 7ff77c322002-7ff77c32200e 147->153 148->153 149->137 156 7ff77c321f7a 149->156 154 7ff77c321f6b-7ff77c321f6e 150->154 155 7ff77c321f66-7ff77c321f69 150->155 157 7ff77c321f2c-7ff77c321f31 151->157 158 7ff77c321f33-7ff77c321f47 151->158 153->127 154->149 155->149 156->143 159 7ff77c321f4b-7ff77c321f57 157->159 158->159 159->139
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CurrentGlobalMemoryProcessStatus
                                              • String ID: @
                                              • API String ID: 3261791682-2766056989
                                              • Opcode ID: 08fb357760ee07a770a744109e7a6e344503c8149823deb5f180863c7e2f9c72
                                              • Instruction ID: bde07d41430130d6d92de5773b7108f145484f8755410eaee38a365a4ac8ae03
                                              • Opcode Fuzzy Hash: 08fb357760ee07a770a744109e7a6e344503c8149823deb5f180863c7e2f9c72
                                              • Instruction Fuzzy Hash: 16412223A39B4641EF66DA369A10B39E2526F5DBD0F58C335E90E22744FF3DE891C610
                                              Function 00007FF77C341470 Relevance: 5.1, APIs: 4, Instructions: 112COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF77C32D326,?,-8000000000000000,00000001,00007FF77C33C4E6), ref: 00007FF77C3414FA
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF77C32D326,?,-8000000000000000,00000001,00007FF77C33C4E6), ref: 00007FF77C341569
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF77C32D326,?,-8000000000000000,00000001,00007FF77C33C4E6), ref: 00007FF77C3415B2
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF77C32D326,?,-8000000000000000,00000001,00007FF77C33C4E6), ref: 00007FF77C3415C8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: b425638a6e70c30cd72ce7cc57c0788705c17328c805340536d3a1b7a1700000
                                              • Instruction ID: 154f4214511058c2a5c1aa9407896aaf4bb8c7885b117bd98ea09c3331b2855d
                                              • Opcode Fuzzy Hash: b425638a6e70c30cd72ce7cc57c0788705c17328c805340536d3a1b7a1700000
                                              • Instruction Fuzzy Hash: 5B519233A38A4292EB10EF11E854AB4F7A0FB08794FE40539DA5E47A95DF3CE655C321
                                              Function 00007FF77C3502E0 Relevance: 5.1, APIs: 4, Instructions: 84COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,00000001,00007FF77C33D839), ref: 00007FF77C350320
                                              • LeaveCriticalSection.KERNEL32(?,00000000,00000001,00007FF77C33D839), ref: 00007FF77C350396
                                              • EnterCriticalSection.KERNEL32(?,00000000,00000001,00007FF77C33D839), ref: 00007FF77C3503EE
                                              • LeaveCriticalSection.KERNEL32(?,00000000,00000001,00007FF77C33D839), ref: 00007FF77C350414
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 13d948e5fa3df0cfca703f1770c43ab0ec44fa3814605dd8c07f8631823b0f7e
                                              • Instruction ID: 6dbc8894fb43e3a88ff3a2c68ae922f01585f5ec4a098e1b522cea45552e7a72
                                              • Opcode Fuzzy Hash: 13d948e5fa3df0cfca703f1770c43ab0ec44fa3814605dd8c07f8631823b0f7e
                                              • Instruction Fuzzy Hash: AC418363B3CA0692EB10FB11F854B79A694FF1C340FD50439DA4D4A692EE6EE540C321
                                              Function 00007FF77C32CD40 Relevance: 4.7, APIs: 3, Instructions: 195threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 258 7ff77c32cd40-7ff77c32cd6d 259 7ff77c32cd6f 258->259 260 7ff77c32cd76-7ff77c32cd7e 259->260 261 7ff77c32cd8c-7ff77c32cdac 260->261 262 7ff77c32cd80-7ff77c32cd8a call 7ff77c350690 260->262 263 7ff77c32cdb2-7ff77c32cdb8 261->263 264 7ff77c32cea3-7ff77c32cea9 261->264 262->259 266 7ff77c32ce8d-7ff77c32ce98 263->266 267 7ff77c32cdbe 263->267 268 7ff77c32ceab-7ff77c32ceb1 call 7ff77c333480 264->268 269 7ff77c32ceb6-7ff77c32ceb9 264->269 266->263 271 7ff77c32ce9e 266->271 272 7ff77c32cdc0-7ff77c32cdc6 267->272 268->269 274 7ff77c32cf7a-7ff77c32cf84 call 7ff77c3449a0 269->274 275 7ff77c32cebf-7ff77c32cec6 269->275 271->264 277 7ff77c32cdc8-7ff77c32cdd0 272->277 278 7ff77c32ce32-7ff77c32ce42 call 7ff77c319560 272->278 286 7ff77c32cfec-7ff77c32cfef 274->286 287 7ff77c32cf86-7ff77c32cf8c 274->287 279 7ff77c32cecc-7ff77c32ced4 275->279 280 7ff77c32cf71-7ff77c32cf78 275->280 277->278 283 7ff77c32cdd2-7ff77c32cdd9 277->283 297 7ff77c32ce66-7ff77c32ce6e 278->297 298 7ff77c32ce44-7ff77c32ce4b 278->298 279->280 284 7ff77c32ceda-7ff77c32cf04 279->284 280->274 285 7ff77c32cf22-7ff77c32cf36 call 7ff77c32d9f0 280->285 289 7ff77c32ce29-7ff77c32ce30 SwitchToThread 283->289 290 7ff77c32cddb-7ff77c32cde8 283->290 284->280 291 7ff77c32cf06-7ff77c32cf1d call 7ff77c34e0c0 284->291 302 7ff77c32cf3b-7ff77c32cf45 285->302 286->285 294 7ff77c32cff5-7ff77c32d00d call 7ff77c32d470 286->294 295 7ff77c32cf9d-7ff77c32cfad call 7ff77c3504d0 287->295 296 7ff77c32cf8e-7ff77c32cf91 287->296 293 7ff77c32ce83-7ff77c32ce87 289->293 299 7ff77c32cdea 290->299 300 7ff77c32ce08-7ff77c32ce0c 290->300 291->285 293->266 293->272 294->302 322 7ff77c32cfbb-7ff77c32cfc1 295->322 323 7ff77c32cfaf-7ff77c32cfb9 call 7ff77c3449a0 295->323 296->295 304 7ff77c32cf93-7ff77c32cf98 call 7ff77c333480 296->304 309 7ff77c32ce7a-7ff77c32ce7c 297->309 310 7ff77c32ce70-7ff77c32ce75 call 7ff77c350690 297->310 305 7ff77c32ce4d-7ff77c32ce53 298->305 306 7ff77c32ce5c-7ff77c32ce61 call 7ff77c3226f0 298->306 308 7ff77c32cdf0-7ff77c32cdf4 299->308 300->293 311 7ff77c32ce0e-7ff77c32ce16 300->311 302->260 312 7ff77c32cf4b-7ff77c32cf70 302->312 304->295 305->306 315 7ff77c32ce55-7ff77c32ce5a SwitchToThread 305->315 306->297 308->300 318 7ff77c32cdf6-7ff77c32cdfe 308->318 309->293 320 7ff77c32ce7e call 7ff77c3194e0 309->320 310->309 311->293 321 7ff77c32ce18-7ff77c32ce27 call 7ff77c319560 SwitchToThread 311->321 315->297 318->300 324 7ff77c32ce00-7ff77c32ce06 318->324 320->293 321->309 328 7ff77c32cfcc-7ff77c32cfe7 call 7ff77c34e0c0 322->328 329 7ff77c32cfc3-7ff77c32cfc6 322->329 323->286 323->322 324->300 324->308 328->286 329->285 329->328
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: SwitchThread
                                              • String ID:
                                              • API String ID: 115865932-0
                                              • Opcode ID: 0367fbf184d9da815e74a64e67e3c73c88d77959e1b0efac48cd030915a12f3a
                                              • Instruction ID: 64ea84fa874e64c1549ca62eea757c196172b3cfb420e276619d905d539b872b
                                              • Opcode Fuzzy Hash: 0367fbf184d9da815e74a64e67e3c73c88d77959e1b0efac48cd030915a12f3a
                                              • Instruction Fuzzy Hash: 03718D23E3864356FF64BF21B840A35E691AF0C784FA0053DE95D962E2DF3DF4408662
                                              Function 00007FF77C322740 Relevance: 4.5, APIs: 3, Instructions: 34memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              • VirtualAlloc.KERNELBASE(?,?,?,?,00000000,00007FF77C325158,?,?,0000000A,00007FF77C3241B0,?,?,00000000,00007FF77C31E8A1), ref: 00007FF77C322767
                                              • GetCurrentProcess.KERNEL32(?,?,?,?,00000000,00007FF77C325158,?,?,0000000A,00007FF77C3241B0,?,?,00000000,00007FF77C31E8A1), ref: 00007FF77C322787
                                              • VirtualAllocExNuma.KERNEL32 ref: 00007FF77C3227A8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocVirtual$CurrentNumaProcess
                                              • String ID:
                                              • API String ID: 647533253-0
                                              • Opcode ID: 0ee9833a7794a767601698390b6fdb287f23bc31715070173f580906f203b271
                                              • Instruction ID: 18fb20ec23fdaad101b0a5b55242d6b3675e6396423cdf88804a3d491c9014b1
                                              • Opcode Fuzzy Hash: 0ee9833a7794a767601698390b6fdb287f23bc31715070173f580906f203b271
                                              • Instruction Fuzzy Hash: 5CF0C872B286D182EB209F0AF500619EB60AB49FE4F880139EF8C17B58CF3DD5818B10
                                              Function 00007FF77C319D50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: EventRegister
                                              • String ID: gcConservative
                                              • API String ID: 3840811365-1953527212
                                              • Opcode ID: ffe3c2faf81b3ef910fad80c62d0f8518216a282887ed91876dae107d6d140ff
                                              • Instruction ID: 5de142d2ac068cd01ec207c7777ba14899f55f0fb55ca655a9b521f5a348deed
                                              • Opcode Fuzzy Hash: ffe3c2faf81b3ef910fad80c62d0f8518216a282887ed91876dae107d6d140ff
                                              • Instruction Fuzzy Hash: 8631F733A38B478BEB40BB55E4849A5A760FF88748FA0083ADA0D07661DF3DE554C761
                                              Function 00007FF77C378D70 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF77C378E79,?,?,?,?,00007FF77C31D9D1,?,?,?,00007FF77C31DF4C,00000000,00000020,?), ref: 00007FF77C378D8A
                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF77C378DA0
                                                • Part of subcall function 00007FF77C3797AC: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF77C3797B5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Concurrency::cancel_current_taskmallocstd::bad_alloc::bad_alloc
                                              • String ID:
                                              • API String ID: 205171174-0
                                              • Opcode ID: 95691fa6baedfe018d50a01fc6fec94552b967e93a3eb7814b2b8a2ad8293209
                                              • Instruction ID: cdf85acd711554b6ce9ec3afc01b83f7a3b7bb137c9ce475588b22770b748c5a
                                              • Opcode Fuzzy Hash: 95691fa6baedfe018d50a01fc6fec94552b967e93a3eb7814b2b8a2ad8293209
                                              • Instruction Fuzzy Hash: 7FE0B602E3924751FF59356626978B491804F6F774EAC1B3CD93E192C2AD1CA4924633
                                              Function 00007FF77C3364A0 Relevance: 2.6, APIs: 2, Instructions: 107COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 30e9e35b31ec2547a70cda4d383b3805e38872ae1b4e46b8a6fe90720136f9e7
                                              • Instruction ID: 460ccdcf42c40e4d4d86adaa515bd9576a5ebb67effaef7a0ead11ee91e4a13f
                                              • Opcode Fuzzy Hash: 30e9e35b31ec2547a70cda4d383b3805e38872ae1b4e46b8a6fe90720136f9e7
                                              • Instruction Fuzzy Hash: 06419463A38A4285EB10AB25A954679A360FF1CBF4F950339D97C876E9DF2DE040C361
                                              Function 00007FF77C31FC50 Relevance: 2.6, APIs: 2, Instructions: 86memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: d4ca215575fd0c6e0bae6fe572d759c8f06235c4c5b30343d008d1ca5d55f1ae
                                              • Instruction ID: 828a898e058b5aeb93db6f2f8a69c2819af5564293c5115ffcb2e6bda236b4fe
                                              • Opcode Fuzzy Hash: d4ca215575fd0c6e0bae6fe572d759c8f06235c4c5b30343d008d1ca5d55f1ae
                                              • Instruction Fuzzy Hash: 4031B233B35E5186E715AB16950053AA2A0EB4DBD4F848539DF4C17BA4DF38E4628391
                                              Function 00007FF77C350440 Relevance: 2.5, APIs: 2, Instructions: 28COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 00007FF77C3227D0: VirtualFree.KERNELBASE ref: 00007FF77C3227DA
                                              • EnterCriticalSection.KERNEL32(?,?,?,00007FF77C3364F9,?,?,?,00007FF77C33C51D), ref: 00007FF77C350472
                                              • LeaveCriticalSection.KERNEL32(?,?,?,00007FF77C3364F9,?,?,?,00007FF77C33C51D), ref: 00007FF77C35049C
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CriticalSection$EnterFreeLeaveVirtual
                                              • String ID:
                                              • API String ID: 1320683145-0
                                              • Opcode ID: b5911a8c8c100c65425a835202cd376d10abe74bf2f3be4458c4a8add018ab75
                                              • Instruction ID: 9de87227e8310116cdd5edf37a56d7c54c7aa15731d1e68ee07130f6594acb90
                                              • Opcode Fuzzy Hash: b5911a8c8c100c65425a835202cd376d10abe74bf2f3be4458c4a8add018ab75
                                              • Instruction Fuzzy Hash: 29F0D123E3864291EB10BB24F8886B9B7E4FF483A0FD40438D99D069A28E2DE440C720
                                              Function 00007FF77C322700 Relevance: 2.5, APIs: 2, Instructions: 17memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Virtual$AllocFree
                                              • String ID:
                                              • API String ID: 2087232378-0
                                              • Opcode ID: 21fe628a8c245d1f009263de4e24fe02042f17ce3a1401def6f39cd1a18418fe
                                              • Instruction ID: 125f207934b51823bea29ee968d72742800a920ed7ce03980619e1b96d110544
                                              • Opcode Fuzzy Hash: 21fe628a8c245d1f009263de4e24fe02042f17ce3a1401def6f39cd1a18418fe
                                              • Instruction Fuzzy Hash: 89E0C225F3710282EF18AB17A985E2597916F8DB10FC48038C40D03350DE2EA19B8B20
                                              Function 00007FF77C32725E Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: BreakDebug
                                              • String ID:
                                              • API String ID: 456121617-0
                                              • Opcode ID: bb02521482f357d091ee9155b463287af1990604d8e730fb2d95daa1db2f584a
                                              • Instruction ID: 2e3728e1b6b8a1193e5d409e1b700ee86c039615ed8c92d9c51272b951172c50
                                              • Opcode Fuzzy Hash: bb02521482f357d091ee9155b463287af1990604d8e730fb2d95daa1db2f584a
                                              • Instruction Fuzzy Hash: 9341A323E38A4242FF10AA16D4419B9A391FB8E7E0F940239EE5D537C5DF3CE542C251
                                              Function 00007FF77C3B42C0 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                              Download Yara Rule
                                              APIs
                                              • CoInitializeEx.OLE32(?,?,?,?,00000010,?,?,?,?,?,?,?,00007FF77C3B421E), ref: 00007FF77C3B4312
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Initialize
                                              • String ID:
                                              • API String ID: 2538663250-0
                                              • Opcode ID: 6fc7cc4146f5747cc890be62c27bf3cdfe6ca6f53a9e4cc5994f0fe45c4595da
                                              • Instruction ID: 20c7a93f941907c911520305e4832329d98a7b2613f58c50173b2cad218a4b09
                                              • Opcode Fuzzy Hash: 6fc7cc4146f5747cc890be62c27bf3cdfe6ca6f53a9e4cc5994f0fe45c4595da
                                              • Instruction Fuzzy Hash: B8212823E3C8259AF710BA619802DFDE6602F49794FD8443DDD4C17A86DE2CE9838362
                                              Function 00007FF77C315780 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExceptionFailFastQueryRaiseVirtual
                                              • String ID:
                                              • API String ID: 3307674043-0
                                              • Opcode ID: 2c91771eec3dc57a2273c33921620eef897886fe8a235db23191d302b680ff9f
                                              • Instruction ID: 6c601c91ee74908fb357bfc7025804b1290b3286d820b9da701ad15c0575a894
                                              • Opcode Fuzzy Hash: 2c91771eec3dc57a2273c33921620eef897886fe8a235db23191d302b680ff9f
                                              • Instruction Fuzzy Hash: 0511A333A28B8182DB14EF25B44559AB360FB4A7B4F444339E6BD577D6DF38D0028702
                                              Function 00007FF77C3227D0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FreeVirtual
                                              • String ID:
                                              • API String ID: 1263568516-0
                                              • Opcode ID: f9194b57a0946cc2409ad4d497bf7a480cce94f9d72206b6568b2ab60965888a
                                              • Instruction ID: 6f8e5a3ac6f34e4b519e05905ad3650081a5efb1f741f3b596fdeae8c2db02b2
                                              • Opcode Fuzzy Hash: f9194b57a0946cc2409ad4d497bf7a480cce94f9d72206b6568b2ab60965888a
                                              • Instruction Fuzzy Hash: 43B01200F37002C2E70437237C8270806552B4DF16FC40034C608A1250CD1C91E51B21

                                              Non-executed Functions

                                              Function 00007FF77C322A60 Relevance: 111.8, Strings: 89, Instructions: 525COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: BGCFLEnableFF$BGCFLEnableKd$BGCFLEnableKi$BGCFLEnableSmooth$BGCFLEnableTBH$BGCFLGradualD$BGCFLSmoothFactor$BGCFLSweepGoal$BGCFLSweepGoalLOH$BGCFLTuningEnabled$BGCFLff$BGCFLkd$BGCFLki$BGCFLkp$BGCG2RatioStep$BGCMLki$BGCMLkp$BGCMemGoal$BGCMemGoalSlack$BGCSpin$BGCSpinCount$BreakOnOOM$CompactRatio$ConcurrentGC$ConfigLogEnabled$ConfigLogFile$ConservativeGC$ForceCompact$GCConfigLogFile$GCConserveMem$GCCpuGroup$GCEnableSpecialRegions$GCEnabledInstructionSets$GCGen0MaxBudget$GCGen1MaxBudget$GCHeapAffinitizeMask$GCHeapAffinitizeRanges$GCHeapHardLimit$GCHeapHardLimitLOH$GCHeapHardLimitLOHPercent$GCHeapHardLimitPOH$GCHeapHardLimitPOHPercent$GCHeapHardLimitPercent$GCHeapHardLimitSOH$GCHeapHardLimitSOHPercent$GCHighMemPercent$GCLargePages$GCLogFile$GCLowSkipRatio$GCName$GCNumaAware$GCProvModeStress$GCRegionRange$GCRegionSize$GCWriteBarrier$Gen0Size$HeapCount$HeapVerifyLevel$LOHCompactionMode$LOHThreshold$LatencyLevel$LatencyMode$LogEnabled$LogFile$LogFileSize$NoAffinitize$RetainVM$SegmentSize$ServerGC$System.GC.Concurrent$System.GC.ConserveMemory$System.GC.CpuGroup$System.GC.HeapAffinitizeMask$System.GC.HeapAffinitizeRanges$System.GC.HeapCount$System.GC.HeapHardLimit$System.GC.HeapHardLimitLOH$System.GC.HeapHardLimitLOHPercent$System.GC.HeapHardLimitPOH$System.GC.HeapHardLimitPOHPercent$System.GC.HeapHardLimitPercent$System.GC.HeapHardLimitSOH$System.GC.HeapHardLimitSOHPercent$System.GC.HighMemoryPercent$System.GC.LargePages$System.GC.Name$System.GC.NoAffinitize$System.GC.RetainVM$System.GC.Server
                                              • API String ID: 0-658696054
                                              • Opcode ID: 5d91cec8345dcd14847125137ea3c03a11dcadacceb965cd2ffe1bbf1cb37226
                                              • Instruction ID: 291c51aa8f4b04b0890bbba4c3966093138e34f7e914ea361b18f9ef7b063fdd
                                              • Opcode Fuzzy Hash: 5d91cec8345dcd14847125137ea3c03a11dcadacceb965cd2ffe1bbf1cb37226
                                              • Instruction Fuzzy Hash: 69324D62638E5642EB60BB16F850AAAA765FF4D7C8FC15132DA8C07F28DF3DD2118714
                                              Function 00007FF77C323720 Relevance: 102.8, Strings: 82, Instructions: 270COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: BGCFLEnableFF$BGCFLEnableKd$BGCFLEnableKi$BGCFLEnableSmooth$BGCFLEnableTBH$BGCFLGradualD$BGCFLSmoothFactor$BGCFLSweepGoal$BGCFLSweepGoalLOH$BGCFLTuningEnabled$BGCFLff$BGCFLkd$BGCFLki$BGCFLkp$BGCG2RatioStep$BGCMLki$BGCMLkp$BGCMemGoal$BGCMemGoalSlack$BGCSpin$BGCSpinCount$GCBreakOnOOM$GCCompactRatio$GCConfigLogEnabled$GCConserveMemory$GCCpuGroup$GCEnableSpecialRegions$GCEnabledInstructionSets$GCGen0MaxBudget$GCGen1MaxBudget$GCHeapAffinitizeMask$GCHeapCount$GCHeapHardLimit$GCHeapHardLimitLOH$GCHeapHardLimitLOHPercent$GCHeapHardLimitPOH$GCHeapHardLimitPOHPercent$GCHeapHardLimitPercent$GCHeapHardLimitSOH$GCHeapHardLimitSOHPercent$GCHighMemPercent$GCLOHCompact$GCLOHThreshold$GCLargePages$GCLatencyLevel$GCLatencyMode$GCLogEnabled$GCLogFileSize$GCLowSkipRatio$GCNoAffinitize$GCNumaAware$GCProvModeStress$GCRegionRange$GCRegionSize$GCRetainVM$GCSegmentSize$GCTotalPhysicalMemory$GCWriteBarrier$GCgen0size$HeapVerify$System.GC.Concurrent$System.GC.ConserveMemory$System.GC.CpuGroup$System.GC.HeapAffinitizeMask$System.GC.HeapCount$System.GC.HeapHardLimit$System.GC.HeapHardLimitLOH$System.GC.HeapHardLimitLOHPercent$System.GC.HeapHardLimitPOH$System.GC.HeapHardLimitPOHPercent$System.GC.HeapHardLimitPercent$System.GC.HeapHardLimitSOH$System.GC.HeapHardLimitSOHPercent$System.GC.HighMemoryPercent$System.GC.LargePages$System.GC.NoAffinitize$System.GC.RetainVM$System.GC.Server$gcConcurrent$gcConservative$gcForceCompact$gcServer
                                              • API String ID: 0-2080704861
                                              • Opcode ID: 1d9ea1ae8f7853fcbb2035dbdcf46aaac34e09551b1d5d4f4f36f9c21da8c312
                                              • Instruction ID: 45db11e742b9cc91deb716737856365010ee753ce253792155eb2a9f7eb1cb61
                                              • Opcode Fuzzy Hash: 1d9ea1ae8f7853fcbb2035dbdcf46aaac34e09551b1d5d4f4f36f9c21da8c312
                                              • Instruction Fuzzy Hash: 1BF125A3D38E47A5FB40FB66EC504F5A766AF8C304BD488B7D00D4606A9E2DB259C371
                                              Function 00007FF77C322890 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Process$AllocCurrentTokenVirtual$AdjustCloseErrorHandleLargeLastLookupMinimumNumaOpenPagePrivilegePrivilegesValue
                                              • String ID: SeLockMemoryPrivilege
                                              • API String ID: 1752251271-475654710
                                              • Opcode ID: 1a2862dd90dccfa9a81e54bf5d2b295596dc0d2044562f65404962315b9e1cb2
                                              • Instruction ID: 58a46ed7f69aa078b937c0bc4fa9ebb850d7c6005bbe3bb9af6d5f77d95e3c1f
                                              • Opcode Fuzzy Hash: 1a2862dd90dccfa9a81e54bf5d2b295596dc0d2044562f65404962315b9e1cb2
                                              • Instruction Fuzzy Hash: 15319323A3D64386FB20AB62B944B76E7A1EF88B98F940039DA4D47754DE3DD0458B20
                                              Function 00007FF77C317EC0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 248COMMON
                                              Download Yara Rule
                                              APIs
                                              • RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF77C318880,?,?,?,?,?,?,?,?,?), ref: 00007FF77C317F4B
                                              • RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF77C318880,?,?,?,?,?,?,?,?,?), ref: 00007FF77C3180AA
                                              • RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF77C318880,?,?,?,?,?,?,?,?,?), ref: 00007FF77C3181A0
                                              • RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF77C318880,?,?,?,?,?,?,?,?,?), ref: 00007FF77C3181B6
                                              • RaiseFailFastException.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF77C318880,?,?,?,?,?,?,?,?,?), ref: 00007FF77C318216
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExceptionFailFastRaise
                                              • String ID: [ KeepUnwinding ]
                                              • API String ID: 2546344036-400895726
                                              • Opcode ID: 915c5e9101982ef85af9a43bc3cfe156fed0120c7793f84e5fde07d7cabb1885
                                              • Instruction ID: fb055405b91500f9e56249f393f38ec110db5c46e364609900e0ac5d44123161
                                              • Opcode Fuzzy Hash: 915c5e9101982ef85af9a43bc3cfe156fed0120c7793f84e5fde07d7cabb1885
                                              • Instruction Fuzzy Hash: 69C1A233624F468AEB55AF25D440AA973A1FB09B88F984539CE4D07398CF39D495C323
                                              Function 00007FF77C315270 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 193COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              • The required instruction sets are not supported by the current CPU., xrefs: 00007FF77C31556E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExceptionFailFastRaise
                                              • String ID: The required instruction sets are not supported by the current CPU.
                                              • API String ID: 2546344036-3318624164
                                              • Opcode ID: bf7b72df4d136d0aac6dca5c477934f391bb1e94f0d28fd6456ad0c696d7c5ec
                                              • Instruction ID: 68cd2930f4ac5096fe451fe207accc024b55232e6235e4460cc13f8ec9c38f33
                                              • Opcode Fuzzy Hash: bf7b72df4d136d0aac6dca5c477934f391bb1e94f0d28fd6456ad0c696d7c5ec
                                              • Instruction Fuzzy Hash: 38719073B38A3A4BF7606B1D6849D38A6916F69344FF00C3DD40D4BA91CE3EB6505BA1
                                              Function 00007FF77C33DC30 Relevance: 2.0, APIs: 1, Instructions: 456COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: BreakCounterCreateDebugEventPerformanceQuery
                                              • String ID:
                                              • API String ID: 4239280443-0
                                              • Opcode ID: c34d052a868cd4b60924c0b1e92cbc460f46e007d6bb4a206f187a08c30cf7c3
                                              • Instruction ID: 96769425f63170ca472c4ed095f49450a65ef1ada490c169ac57cf392130a478
                                              • Opcode Fuzzy Hash: c34d052a868cd4b60924c0b1e92cbc460f46e007d6bb4a206f187a08c30cf7c3
                                              • Instruction Fuzzy Hash: 8C42E873D38B4286E700EB25F898674B7A4FB5D744FA05A39D98C12765EF3EA190D320
                                              Function 00007FF77C341800 Relevance: 1.9, Strings: 1, Instructions: 621COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID: 0-3916222277
                                              • Opcode ID: 170f8f4704fea771372d3c5e4c17b39ad4eafef7f37a81aab25316a8070dc8bd
                                              • Instruction ID: 63947af2658a6456bd9a2d1e852805eda2659b6fbb3aaacc836c0fef117a170b
                                              • Opcode Fuzzy Hash: 170f8f4704fea771372d3c5e4c17b39ad4eafef7f37a81aab25316a8070dc8bd
                                              • Instruction Fuzzy Hash: 4252B233A38F8682EB109F19E854A79B7A1FB49794FA00636C95D4B7A0DF3DE550C321
                                              Function 00007FF77C337F10 Relevance: 1.7, Strings: 1, Instructions: 481COMMON
                                              Download Yara Rule
                                              Strings
                                              • ========== ENDGC %d (gen = %lu, collect_classes = %lu) ===========}, xrefs: 00007FF77C3386FB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: ========== ENDGC %d (gen = %lu, collect_classes = %lu) ===========}
                                              • API String ID: 0-2256439813
                                              • Opcode ID: 061b6938f4016a34bcb0bd81591986c075d9c77a106380fc5b89187094526531
                                              • Instruction ID: 0f1c4e52969fa9e73508ff2a4f69e87eb03bb511aa0fe27db45263a76ff32a16
                                              • Opcode Fuzzy Hash: 061b6938f4016a34bcb0bd81591986c075d9c77a106380fc5b89187094526531
                                              • Instruction Fuzzy Hash: 5542A032A39B8287EB05AB19D454379B7A1FF08B48FA4453ACA4D07361DF3EE065C721
                                              Function 00007FF77C32E2F0 Relevance: 1.7, Strings: 1, Instructions: 439COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: ?
                                              • API String ID: 0-1684325040
                                              • Opcode ID: 39d35dd192e213be530d99728a9c3530756a8bd52014cd6a83916c8dc71fdbc9
                                              • Instruction ID: 90b70e7e56f73105f38502e0743a1d30d719643328fea15c735d0b90ad7c8634
                                              • Opcode Fuzzy Hash: 39d35dd192e213be530d99728a9c3530756a8bd52014cd6a83916c8dc71fdbc9
                                              • Instruction Fuzzy Hash: 7B12DD33A38A8282EF10EB05E445AB9B3A5FB48B94F94463ADE5D47794DF3CE444C721
                                              Function 00007FF77C31DD30 Relevance: 1.6, APIs: 1, Instructions: 55timeCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Time$FileSystem
                                              • String ID:
                                              • API String ID: 2086374402-0
                                              • Opcode ID: 5c980d6ba46e3a73f0dcc2ee7f1a165251c54b4aeab7c0793880b0067312ad67
                                              • Instruction ID: 9671dcf16961bc7d960c390235d4d65a44bc4663a56c17fa73ee5fe56b3c3bff
                                              • Opcode Fuzzy Hash: 5c980d6ba46e3a73f0dcc2ee7f1a165251c54b4aeab7c0793880b0067312ad67
                                              • Instruction Fuzzy Hash: 2F214B32E38B429BE780BB65A8446A6B2E0EB4D340FA08979E54C43761DF3EE440C761
                                              Function 00007FF77C3340D0 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CounterPerformanceQuery
                                              • String ID:
                                              • API String ID: 2783962273-3916222277
                                              • Opcode ID: d52441a9fe127e5d59a6260759f4b20b6237ae2c80609afff28cd25b6676035c
                                              • Instruction ID: accf3a10277ce12eadb89ae0aa19fb61317facbd6d35b699ca6e73085907808b
                                              • Opcode Fuzzy Hash: d52441a9fe127e5d59a6260759f4b20b6237ae2c80609afff28cd25b6676035c
                                              • Instruction Fuzzy Hash: 62D1E363A38A4682FB00AB25E850679BBA0FF49BA4F944739DA6D537D4DF3CE051C311
                                              Function 00007FF77C342700 Relevance: .9, Instructions: 945COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d9884e8459a2da4eee788d28edbed6ad75013be01f180accf8dedfb5a0459d2e
                                              • Instruction ID: e1c0e67a015ad2680a7d32af287b372be012fc332832a503bbf5b8480e4e3ceb
                                              • Opcode Fuzzy Hash: d9884e8459a2da4eee788d28edbed6ad75013be01f180accf8dedfb5a0459d2e
                                              • Instruction Fuzzy Hash: 8492D263E38B4646EB41BB55A858EB4E391AF0DBC4FD4453AD80E6B360DF3EE5418321
                                              Function 00007FF77C343600 Relevance: .6, Instructions: 626COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 549e6052dfb5f75015054c6104143178bc8924d384410c045d17cae26b1dd661
                                              • Instruction ID: 2270bb6126b7b6a6af8ddf1ebef09f2524112bf00d7c43e88d3fbc347ddb9ec9
                                              • Opcode Fuzzy Hash: 549e6052dfb5f75015054c6104143178bc8924d384410c045d17cae26b1dd661
                                              • Instruction Fuzzy Hash: 4C429D63B38B4286EB50AF25E8405B9B7A1FB48BC8F54053AEE4D1BB58DE3CE541C711
                                              Function 00007FF77C343F70 Relevance: .6, Instructions: 583COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7bc02a47b9c6b537f87ba7f03e9d8996afc695ebb4e05c8f65f414fc91164dd3
                                              • Instruction ID: 878c290c7a7bdf94fc2da905d58f1aab04251b03698dcc1abe96f1d645268a69
                                              • Opcode Fuzzy Hash: 7bc02a47b9c6b537f87ba7f03e9d8996afc695ebb4e05c8f65f414fc91164dd3
                                              • Instruction Fuzzy Hash: A632B173F39B4586FB10DF65D840ABCA7A1EB08B88B94053ACE0D5B788DE38E555C361
                                              Function 00007FF77C32FDA0 Relevance: .4, Instructions: 432COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 567bd8c800cafad585b7cf90b26b86391f749c9adea7eec1786a4c820cec952b
                                              • Instruction ID: 7208f90010d4b80699806cb2f4ea42c8887a6363092fcfcc515be5a539e35efc
                                              • Opcode Fuzzy Hash: 567bd8c800cafad585b7cf90b26b86391f749c9adea7eec1786a4c820cec952b
                                              • Instruction Fuzzy Hash: B802C273B34A4287EB149F19E444AB8B360AB49BA4FD0463ACA6D5B7D5CF3DE441C321
                                              Function 00007FF77C3369D0 Relevance: .4, Instructions: 415COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ae9fc67e00198cb791d6b42d7e224a19ac5270105391cad9a71a2955a2d292d9
                                              • Instruction ID: 452ea14fe093492cabd1ff6ce75a851e601e71d9f4050ab24a4d888f962a8ffd
                                              • Opcode Fuzzy Hash: ae9fc67e00198cb791d6b42d7e224a19ac5270105391cad9a71a2955a2d292d9
                                              • Instruction Fuzzy Hash: 8BF13823F39B4D45EA12A6379501BB4D6617F6E7C4E6DCB36E84D367A0EF2CB0818610
                                              Function 00007FF77C334890 Relevance: .4, Instructions: 361COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a30e9ccede4defc8cb9bb7021f2aed867e6faa058a659ec2196f15f4e69dc293
                                              • Instruction ID: 51838dd0d443b27e69121723f4dd6f38ca4e16993d5dfbc3baa9df555fce655a
                                              • Opcode Fuzzy Hash: a30e9ccede4defc8cb9bb7021f2aed867e6faa058a659ec2196f15f4e69dc293
                                              • Instruction Fuzzy Hash: 8EF1EF63A38B8582EB00AF299844678BB61FB59BA4F948335DE6D07795DF3DE181C310
                                              Function 00007FF77C32F7F4 Relevance: .4, Instructions: 357COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CounterPerformanceQuery
                                              • String ID:
                                              • API String ID: 2783962273-0
                                              • Opcode ID: c1850e810df6202e2c71cd3c6d27a795553a239f11018daae015bd6db6a2eabd
                                              • Instruction ID: 5c212319d2d1b391f7d570f18c63598473eb3a7f8d65fbf6d6e5a2ecfd3633a0
                                              • Opcode Fuzzy Hash: c1850e810df6202e2c71cd3c6d27a795553a239f11018daae015bd6db6a2eabd
                                              • Instruction Fuzzy Hash: B2029023A39B5645FF12BB28A454734A7A0BF4DB98FA44639CD4D533A0DF3EE481C221
                                              Function 00007FF77C3489D0 Relevance: .3, Instructions: 332COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a067f801db91a70f563a5d40447dd11d047fed665657b512b0d6a88a55159cf1
                                              • Instruction ID: 5d27556c7b021d83ecaec66ed911ed047d8c10e753da391e438d8d892b0b813e
                                              • Opcode Fuzzy Hash: a067f801db91a70f563a5d40447dd11d047fed665657b512b0d6a88a55159cf1
                                              • Instruction Fuzzy Hash: C2E1C273A3978587EB51AB15D854778B7A1FB48B80F90463AC94D873A0DF3DE584C312
                                              Function 00007FF77C332934 Relevance: .3, Instructions: 327COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2d93270e60e16491fbe54944405fcef5222b15305876aeadfc7a3f6476fd23a8
                                              • Instruction ID: fafafc9c9ca9608a483dcc113efc715e5d6f3d8a628c1d52bc5f878c1eed0a23
                                              • Opcode Fuzzy Hash: 2d93270e60e16491fbe54944405fcef5222b15305876aeadfc7a3f6476fd23a8
                                              • Instruction Fuzzy Hash: BEE13513E3AFC549E717E7359011B74E358AF6A7C0F948336ED4F26662DF2AA1828211
                                              Function 00007FF77C3388C0 Relevance: .3, Instructions: 273COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4edf0397d65345d120d8a261b0ef52faea315b51b514a397b6118f37b68e7496
                                              • Instruction ID: cc6dafac2e36aceeeede895f641c6badffa00d6ec1617387a9e3b112a8651bc5
                                              • Opcode Fuzzy Hash: 4edf0397d65345d120d8a261b0ef52faea315b51b514a397b6118f37b68e7496
                                              • Instruction Fuzzy Hash: 36C17D73A38B4682EB00AF09E854679B760EB49BA4FD44636C96D477A0DF3DE450C322
                                              Function 00007FF77C342290 Relevance: .3, Instructions: 268COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f81cb8a8fa680b7983bac6cb0d1cb7bd7e58e6fd297d06bcd676f255ee82a72e
                                              • Instruction ID: a4ba30d7121749e82a453d36e9be56cbf443116732b89c6f8d289cfedc9d431b
                                              • Opcode Fuzzy Hash: f81cb8a8fa680b7983bac6cb0d1cb7bd7e58e6fd297d06bcd676f255ee82a72e
                                              • Instruction Fuzzy Hash: 7EC19F33A38B4682EB00EB09E854979F761EB49BA4BD40636C95D577A0DF3EE550C320
                                              Function 00007FF77C3357F0 Relevance: .3, Instructions: 251COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a88597bd80fbec51528b2ed85b6bd883d763db581cbee44f11464c4b77c7b693
                                              • Instruction ID: 594a4c869c1055740ea5facf31be8605577fdba375f5b5efe84c0ac6883845bb
                                              • Opcode Fuzzy Hash: a88597bd80fbec51528b2ed85b6bd883d763db581cbee44f11464c4b77c7b693
                                              • Instruction Fuzzy Hash: D291E473B34A9587DB549F0AE484AA8BBA2F789BD0F85403ADA4E87B45DF3DD404C710
                                              Function 00007FF77C3269D0 Relevance: .2, Instructions: 189COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c5450eb009bbb477380e5294b5de819db12dd9e00ce9680b9f4d20b2e4ec7d5
                                              • Instruction ID: bd3f7406d888b32980e010a2327a1c0db806ce86e988b68b0ab5214b4ba24d99
                                              • Opcode Fuzzy Hash: 2c5450eb009bbb477380e5294b5de819db12dd9e00ce9680b9f4d20b2e4ec7d5
                                              • Instruction Fuzzy Hash: 62916F73A39B8296E710AB15E8447AAB3A4FB5C784FA0453ADA8D83761DF3DE044C711
                                              Function 00007FF77C338D40 Relevance: .2, Instructions: 171COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 437c2bb9eed3bb237656b73319d9a7c63277ab8907db6804528c2f463d4bd837
                                              • Instruction ID: 95054ab559393e21ba348f6ce6d99234b3219618fe64ad152622c444f2b75874
                                              • Opcode Fuzzy Hash: 437c2bb9eed3bb237656b73319d9a7c63277ab8907db6804528c2f463d4bd837
                                              • Instruction Fuzzy Hash: 1351E723B3AB4E41EB06977B5101AB9C5525F5E7C0E9CCB36E90E36790EF3DB0908612
                                              Function 00007FF77C333010 Relevance: .2, Instructions: 165COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dd315fed3be031c9e26a90a11914652993b972776a13770548698b9b4cb4de5d
                                              • Instruction ID: 1d7e3a5d40f3be72f5494825587c7a60dc8d984ff6955c402b2b67cbcbffc3cc
                                              • Opcode Fuzzy Hash: dd315fed3be031c9e26a90a11914652993b972776a13770548698b9b4cb4de5d
                                              • Instruction Fuzzy Hash: 80611433E38F854AD756EB249446D68E35ABF497C0BA4D335D90FA3252DF3DA0A2C610
                                              Function 00007FF77C33F360 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 1fa7a848999a6a82e6943152a9856c355e6e1e90088799d98739f212ba5528bb
                                              • Instruction ID: e71fdc52bee1a004cf8651de27b9582a9130467cdd9746a2c341d721a515d68e
                                              • Opcode Fuzzy Hash: 1fa7a848999a6a82e6943152a9856c355e6e1e90088799d98739f212ba5528bb
                                              • Instruction Fuzzy Hash: C4210A23B3C24242EF94AB39A296E7D5350EF8D794FD42175DE0C03B86DD2DD5914701
                                              Function 00007FF77C31A990 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85libraryloaderCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ContextInitialize$AddressEnabledErrorFeaturesHandleLastModuleProcState
                                              • String ID: InitializeContext2$kernel32.dll
                                              • API String ID: 4102459504-3117029998
                                              • Opcode ID: edabfeb27e12de1ac58e4de23520e38ce78f3386a9e832e640fcf79b6a971462
                                              • Instruction ID: b420b42e3a66ed8426349f775be682d5d49d6013a7126c011e0b87ee335f94e7
                                              • Opcode Fuzzy Hash: edabfeb27e12de1ac58e4de23520e38ce78f3386a9e832e640fcf79b6a971462
                                              • Instruction Fuzzy Hash: 80318423A39B4686FB01AB56B640A29E7E0BF8CB95F840435DD5D037A4DF7CE446C721
                                              Function 00007FF77C315D00 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 83threadlibraryloaderCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Thread$AddressContextErrorLastLibraryLoadProcResumeSuspend
                                              • String ID: QueueUserAPC2$kernel32
                                              • API String ID: 3714266957-4022151419
                                              • Opcode ID: 1854c6662005a05bccb6cd86df4f5362b47cb18156353affd7ed6c801de71de6
                                              • Instruction ID: 2dd1cb5515d33b336cc800f203909493216e39f3f7ad5ad1c660edb887daff49
                                              • Opcode Fuzzy Hash: 1854c6662005a05bccb6cd86df4f5362b47cb18156353affd7ed6c801de71de6
                                              • Instruction Fuzzy Hash: DF31C232B38E0246FB50BB15E954779B3A1AF4CBA5FD00638DD2D866E0DF2CE4428721
                                              Function 00007FF77C32D9F0 Relevance: 10.7, APIs: 7, Instructions: 227threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: SwitchThread
                                              • String ID:
                                              • API String ID: 115865932-0
                                              • Opcode ID: 8855a6a9be19cc912e040998a95c185b2b15f028c0bb56cd1e5e4913b5d84e9d
                                              • Instruction ID: ec83fd575214c8065a6c07e2572c6db6b0386ef2ed5124d198bdd55092d224b2
                                              • Opcode Fuzzy Hash: 8855a6a9be19cc912e040998a95c185b2b15f028c0bb56cd1e5e4913b5d84e9d
                                              • Instruction Fuzzy Hash: 99A17933E3C6134AFB54BB25A851E75E290AF1C754FE0053DE81D86AD5EE2EB840C672
                                              Function 00007FF77C332240 Relevance: 10.6, APIs: 7, Instructions: 134threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Thread$CriticalSectionSwitch$Leave$CurrentEnter
                                              • String ID:
                                              • API String ID: 2584832284-0
                                              • Opcode ID: 911a7cc94664f48a14bb56dfd2eba76f0f521efe915744327b0e3e75a7d93955
                                              • Instruction ID: ee5b1c0940dfe8bae446d4073b08707e52e317fe0197d43d39f78525e8b7c825
                                              • Opcode Fuzzy Hash: 911a7cc94664f48a14bb56dfd2eba76f0f521efe915744327b0e3e75a7d93955
                                              • Instruction Fuzzy Hash: 8F514133E3D21387FB54BB259855E79A691AF0C750FD0093DE80D862D3EE2EB4418A72
                                              Function 00007FF77C316100 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Current$Thread$DuplicateExceptionFailFastHandleProcessQueryRaiseVirtual
                                              • String ID:
                                              • API String ID: 510365852-3916222277
                                              • Opcode ID: fabd27e107bbfd348c5fcb363ee42fc01df79ff2f7dd51d048f6b6b90d90cb7c
                                              • Instruction ID: 1f6f55704ba5842ea8436cc32a2e864da2d8ddde657dd93e352b875ac6e0fc96
                                              • Opcode Fuzzy Hash: fabd27e107bbfd348c5fcb363ee42fc01df79ff2f7dd51d048f6b6b90d90cb7c
                                              • Instruction Fuzzy Hash: 4C11B073A18B818AD750EF55A44159AB360FB497B4F440338E6BD4BAD6CF38D5428701
                                              Function 00007FF77C33D410 Relevance: 9.2, APIs: 6, Instructions: 189threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: SwitchThread
                                              • String ID:
                                              • API String ID: 115865932-0
                                              • Opcode ID: cc35ecd5a93063da1183701248f17dca1c596e2e1d8d9986a40f28483dcd9575
                                              • Instruction ID: 5ddd1d626037c4bd645aedb757143c9ee890d617bacfcd28a0583db0fee62454
                                              • Opcode Fuzzy Hash: cc35ecd5a93063da1183701248f17dca1c596e2e1d8d9986a40f28483dcd9575
                                              • Instruction Fuzzy Hash: 45812823F3C6034BF714BB259841A35A291AF4C754FE0053DE96D866D6EE2EF8408A32
                                              Function 00007FF77C339F60 Relevance: 9.2, APIs: 6, Instructions: 180COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8155321a93176bc4c4200af923682af65ca18711955211ed52f216cd2b673b30
                                              • Instruction ID: f1e9c7a7536d3b1c16292dc9682f453cac80a69a83fb7ed7f826ca28bed75c4e
                                              • Opcode Fuzzy Hash: 8155321a93176bc4c4200af923682af65ca18711955211ed52f216cd2b673b30
                                              • Instruction Fuzzy Hash: EC71A163A3D74282FB50BB619944AB9E3A0BF48B94FD8053DDE1D07A99DF3DE4508321
                                              Function 00007FF77C33F8F0 Relevance: 7.8, APIs: 6, Instructions: 317COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: dfead87ec6108077648ad3825d3ea0080477edc8ca47081f20bdd0a0302174ed
                                              • Instruction ID: 8ec68ccab3fdb09e525879fe6b2d37b9869cafd00d8d68aa07f2338666eb11f4
                                              • Opcode Fuzzy Hash: dfead87ec6108077648ad3825d3ea0080477edc8ca47081f20bdd0a0302174ed
                                              • Instruction Fuzzy Hash: 79E1DD63B35A4696DB14AF64E918AB8A3A0EF087E4FC04736D93D47BD8DE28D019C311
                                              Function 00007FF77C313500 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExceptionFailFastRaise
                                              • String ID: Process is terminating due to StackOverflowException.
                                              • API String ID: 2546344036-2200901744
                                              • Opcode ID: a73f9b0b1186b8bf137041686a0ee60befa2ebf5b9cf55ecf46c091e51a068e4
                                              • Instruction ID: 7795cfc6d3385259c83c144c80ce5ec5afb207dcbca74ed5d98bbae205775b14
                                              • Opcode Fuzzy Hash: a73f9b0b1186b8bf137041686a0ee60befa2ebf5b9cf55ecf46c091e51a068e4
                                              • Instruction Fuzzy Hash: 88519423B39E468BEF90AB15D4817B8A390EF4CB94F94483ADA1E47790DF2DE455C321
                                              Function 00007FF77C352DC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73libraryloaderCOMMON
                                              Download Yara Rule
                                              APIs
                                              • LoadLibraryExW.KERNEL32(?,?,?,?,00000286DEC00000,00007FF77C352EBD,?,?,00000000,00007FF77C33F8AC,?,FFFFFFFF,47AE147AE147AE15,00007FF77C32945C), ref: 00007FF77C352E12
                                              • GetProcAddress.KERNEL32(?,?,?,?,00000286DEC00000,00007FF77C352EBD,?,?,00000000,00007FF77C33F8AC,?,FFFFFFFF,47AE147AE147AE15,00007FF77C32945C), ref: 00007FF77C352E2C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AddressLibraryLoadProc
                                              • String ID: GetEnabledXStateFeatures$kernel32.dll
                                              • API String ID: 2574300362-4754247
                                              • Opcode ID: 14ea90d1c4bf5a15a4085266709c85a67ad0a07a71323ba950ff44953a265e56
                                              • Instruction ID: 906063c229314de1bc5b24c8c229e06741ce6002f15a0da040cb769efdfd22ac
                                              • Opcode Fuzzy Hash: 14ea90d1c4bf5a15a4085266709c85a67ad0a07a71323ba950ff44953a265e56
                                              • Instruction Fuzzy Hash: F5210F53F3C14242FFA8A339F455F7996818B1C394FC8803ECA0EC1A94DD1EE8804221
                                              Function 00007FF77C31AF90 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AddressLibraryLoadProc
                                              • String ID: GetEnabledXStateFeatures$kernel32
                                              • API String ID: 2574300362-4273408117
                                              • Opcode ID: 274e0da2db24af44fa31abf1e79a32452a2f4646b1ed88df6da63e7f0bd2eccf
                                              • Instruction ID: 991c006fc99a4d411f56a9e71e422e824bec9480308e2955ba8c73f741958777
                                              • Opcode Fuzzy Hash: 274e0da2db24af44fa31abf1e79a32452a2f4646b1ed88df6da63e7f0bd2eccf
                                              • Instruction Fuzzy Hash: 85E04F16F36B0282EF45B753988166497A06F4C745FC84438C91D01394EE2CA6599731
                                              Function 00007FF77C31AFE0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AddressLibraryLoadProc
                                              • String ID: GetEnabledXStateFeatures$kernel32
                                              • API String ID: 2574300362-4273408117
                                              • Opcode ID: ce6f5296a204aba61ce9ef49dc43d2f12b23842fbe95b74c7dd249d319ed59f7
                                              • Instruction ID: 14211bb23dd96cb982dea3db33a368054ad5901fa90ddbb5cdc1a8021c42c1bd
                                              • Opcode Fuzzy Hash: ce6f5296a204aba61ce9ef49dc43d2f12b23842fbe95b74c7dd249d319ed59f7
                                              • Instruction Fuzzy Hash: C6E02656F3AA0286FF49BB1298813B083A06FAC704FC8443CC90D013A1EE3CE24A9321
                                              Function 00007FF77C34E700 Relevance: 6.1, APIs: 4, Instructions: 124threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: SwitchThread
                                              • String ID:
                                              • API String ID: 115865932-0
                                              • Opcode ID: f4aaa3f96c492ce6e17f0f5d835cb774c61d338c5d6bba280d5d4821285017cf
                                              • Instruction ID: fad4d8f43757c7cfbab4aa3a23281ab1062acaaedaa77607f684f508a2c9ac42
                                              • Opcode Fuzzy Hash: f4aaa3f96c492ce6e17f0f5d835cb774c61d338c5d6bba280d5d4821285017cf
                                              • Instruction Fuzzy Hash: 5C41D733A3865681EF64AB25D84093DE690EF0CFA4F94873ED65E4A7C5CE2CE5408762
                                              Function 00007FF77C3319FD Relevance: 6.1, APIs: 4, Instructions: 119threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: SwitchThread
                                              • String ID:
                                              • API String ID: 115865932-0
                                              • Opcode ID: 44b941e54b3c05b20f0b851b031452e57e334a5e19445be4892a4e80d52cd89e
                                              • Instruction ID: c19ed9d7f2143ee0ab40ede7ab42a240e91cdd4ed66bce1ef45235e44deaba65
                                              • Opcode Fuzzy Hash: 44b941e54b3c05b20f0b851b031452e57e334a5e19445be4892a4e80d52cd89e
                                              • Instruction Fuzzy Hash: 9B513A23E382034BFB55BB299945F75F3A4AF0D740F94453CE90D862E1EE2DB8408632
                                              Function 00007FF77C34EE70 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: BreakDebug
                                              • String ID:
                                              • API String ID: 456121617-0
                                              • Opcode ID: e4ab8514af3f6f014f6506373d7b9cbb823d7638c04cae421d012170a137b048
                                              • Instruction ID: f381f75b0c5466b407bf83d470298c1bf9a9fe633b23dd71f6c5fbd34abe119e
                                              • Opcode Fuzzy Hash: e4ab8514af3f6f014f6506373d7b9cbb823d7638c04cae421d012170a137b048
                                              • Instruction Fuzzy Hash: 1541B523A3968182FB516B119540B79E7A0EF4CB54F8A063CDE4D1B395DF3CE581C322
                                              Function 00007FF77C33D010 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: BreakDebug
                                              • String ID:
                                              • API String ID: 456121617-0
                                              • Opcode ID: 5f868e6883e4306e4798fc5c7dca6ba7319e688e635161da728f78dd99401986
                                              • Instruction ID: 12062844f9eea2f03e4c2b0f1f67f2e3e293fb642bb97ef4d7175a022181afa2
                                              • Opcode Fuzzy Hash: 5f868e6883e4306e4798fc5c7dca6ba7319e688e635161da728f78dd99401986
                                              • Instruction Fuzzy Hash: B2319163A3974282EB647F11A5407B9E7A4EF4CB94F98003CDE4D07799DE3CE8418722
                                              Function 00007FF77C31AB10 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                              Download Yara Rule
                                              APIs
                                              • WaitForMultipleObjectsEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C316291), ref: 00007FF77C31AB44
                                              • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C316291), ref: 00007FF77C31AB4E
                                              • CoWaitForMultipleHandles.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C316291), ref: 00007FF77C31AB6D
                                              • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C316291), ref: 00007FF77C31AB81
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ErrorLastMultipleWait$HandlesObjects
                                              • String ID:
                                              • API String ID: 2817213684-0
                                              • Opcode ID: 2e4193dc27507b0cc0785436bf69825b5bf5a88872f1136b1b91a9cdfbe48115
                                              • Instruction ID: d7fba1b54e975f577b1c84b964d2cc50ae6bf335bef30af171e52e6cd537af50
                                              • Opcode Fuzzy Hash: 2e4193dc27507b0cc0785436bf69825b5bf5a88872f1136b1b91a9cdfbe48115
                                              • Instruction Fuzzy Hash: 2811E972B3CA9687DB149B16B80042AF3A1FF48B95F944539EADE83BA4CF3CD5008700
                                              Function 00007FF77C3792DC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                              • String ID:
                                              • API String ID: 2933794660-0
                                              • Opcode ID: b684cd9f6bae3ddb2e4f8fdc1087b23f524d747017c22d8809c7f62526f24cc6
                                              • Instruction ID: ceb69275aabca369384c0757325c6eb564362f7e6391d0a2941e1009dd451ff6
                                              • Opcode Fuzzy Hash: b684cd9f6bae3ddb2e4f8fdc1087b23f524d747017c22d8809c7f62526f24cc6
                                              • Instruction Fuzzy Hash: 1C112E22B25F0689EB00DF71E8552B873A4FB1DB58F840E35DE6D867A4DF78D1948350
                                              Function 00007FF77C37A65C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                              Download Yara Rule
                                              APIs
                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C3797EB), ref: 00007FF77C37A6AC
                                              • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF77C3797EB), ref: 00007FF77C37A6ED
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExceptionFileHeaderRaise
                                              • String ID: csm
                                              • API String ID: 2573137834-1018135373
                                              • Opcode ID: 305dc0d90ba247bf77b3081513aed6e1274f9ee9982620d9ea7225f6e90881e8
                                              • Instruction ID: f7af4c8fda28335900b76765556f933b02150b41986756b809927bfcf2c537e2
                                              • Opcode Fuzzy Hash: 305dc0d90ba247bf77b3081513aed6e1274f9ee9982620d9ea7225f6e90881e8
                                              • Instruction Fuzzy Hash: 60115B32629B4182EB219B15F540269B7E0FB89B98F985235DA8D07764DF3CD5518B00
                                              Function 00007FF77C333C20 Relevance: 5.1, APIs: 4, Instructions: 53COMMON
                                              Download Yara Rule
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,00000000,00007FF77C333D9F,?,?,?,00007FF77C34006A), ref: 00007FF77C333C6A
                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,00007FF77C333D9F,?,?,?,00007FF77C34006A), ref: 00007FF77C333CAC
                                              • EnterCriticalSection.KERNEL32(?,?,00000000,00007FF77C333D9F,?,?,?,00007FF77C34006A), ref: 00007FF77C333CD7
                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,00007FF77C333D9F,?,?,?,00007FF77C34006A), ref: 00007FF77C333CF8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1991683904.00007FF77C311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C310000, based on PE: true
                                              • Associated: 00000000.00000002.1991668295.00007FF77C310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C50A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992317171.00007FF77C510000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7ff77c310000_T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U01.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 045b48fe72bcf7abecfebc8b7f0e13c8ed7eea996b5e53e3f88679adc4f03f51
                                              • Instruction ID: 579fa56f6053ef62264e441158e78bb62863e08f1107021ff77e3ce067773c14
                                              • Opcode Fuzzy Hash: 045b48fe72bcf7abecfebc8b7f0e13c8ed7eea996b5e53e3f88679adc4f03f51
                                              • Instruction Fuzzy Hash: 3E214123A7890792EB50FB14E8697B4B294FF183A0FE80639C42D419E5DF6DE555C321

                                              Execution Graph

                                              Execution Coverage:10.7%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:13
                                              Total number of Limit Nodes:2
                                              execution_graph 25187 1760848 25189 1760849 25187->25189 25188 176091b 25189->25188 25191 1761382 25189->25191 25193 1761396 25191->25193 25192 1761480 25192->25189 25193->25192 25195 1767090 25193->25195 25196 176709a 25195->25196 25197 17670d7 25196->25197 25199 652e337 25196->25199 25197->25193 25200 652e2f3 GlobalMemoryStatusEx 25199->25200 25202 652e33e 25199->25202 25201 652e306 25200->25201 25201->25197 25202->25197

                                              Executed Functions

                                              Function 01769BE2 Relevance: 2.7, Instructions: 2738COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 897f001f315d19fdcfaeca011f1d0d9441b23f91c27ebe8793c5085f9b7a7d6d
                                              • Instruction ID: 098ee49fdc99f652a40384f6192bd7dadbb67f5fcd005993f7fd4ac6ca3ea648
                                              • Opcode Fuzzy Hash: 897f001f315d19fdcfaeca011f1d0d9441b23f91c27ebe8793c5085f9b7a7d6d
                                              • Instruction Fuzzy Hash: 3753E731D10B1A8ACB51EF68C8805ADF7B1FF99300F15D79AE4587B121EB70AAD5CB81
                                              Function 0176CDA8 Relevance: 2.3, Instructions: 2293COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 43a01e6280dc4034479dc8b952bcd4a65eb276334391662d52f0c1e9b56bdc64
                                              • Instruction ID: 6cd0712f901cff4c473f3a47fdc687ad8c3107ac50cf0c3cec757ff714320162
                                              • Opcode Fuzzy Hash: 43a01e6280dc4034479dc8b952bcd4a65eb276334391662d52f0c1e9b56bdc64
                                              • Instruction Fuzzy Hash: 5B332F31D1071A8EDB11EF68C8946ADF7B5FF99300F15C79AE448A7211EB70AAC5CB81
                                              Function 01763E80 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \Vl
                                              • API String ID: 0-682378881
                                              • Opcode ID: 475ed05ec6fe9bc7135ae790d23cb4ee02270c3255ef59b867e4439202973ca1
                                              • Instruction ID: e9fad95bcba8d89ecd6046b094756389973858167676e2a8525ee90aee4befb5
                                              • Opcode Fuzzy Hash: 475ed05ec6fe9bc7135ae790d23cb4ee02270c3255ef59b867e4439202973ca1
                                              • Instruction Fuzzy Hash: 0B913970E00219DFDB14CFA9C9857DEFBF6BF88314F148129E819A7254EB749886CB81
                                              Function 01764A98 Relevance: .3, Instructions: 266COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 22ed2e7d8c3b2071be7bb1ed25c28af5d0770e6d5ea0e7a4cae6200d0b91d123
                                              • Instruction ID: 53931e641204e2d3e886ed702d5fe10bdb1c1dd948f3d4cb7e69a84b35faa91d
                                              • Opcode Fuzzy Hash: 22ed2e7d8c3b2071be7bb1ed25c28af5d0770e6d5ea0e7a4cae6200d0b91d123
                                              • Instruction Fuzzy Hash: 02B14C70E00209DFDF14CFA9C9857ADFBF6AF88314F188529D91AA7354EB749885CB81
                                              Function 0652E337 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 154COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1322 652e337-652e33c 1323 652e2f3-652e304 GlobalMemoryStatusEx 1322->1323 1324 652e33e-652e366 1322->1324 1326 652e306-652e30c 1323->1326 1327 652e30d-652e335 1323->1327 1328 652e368-652e36b 1324->1328 1326->1327 1329 652e393-652e396 1328->1329 1330 652e36d-652e38e 1328->1330 1333 652e3f2-652e3f5 1329->1333 1334 652e398-652e3ed 1329->1334 1330->1329 1336 652e406-652e409 1333->1336 1337 652e3f7-652e3fb 1333->1337 1334->1333 1340 652e40b-652e41e 1336->1340 1341 652e429-652e42c 1336->1341 1338 652e401 1337->1338 1339 652e786-652e7be 1337->1339 1338->1336 1380 652e7d0 1339->1380 1381 652e7c0-652e7ce 1339->1381 1344 652e424 1340->1344 1345 652e4ad-652e4b4 1340->1345 1346 652e454-652e457 1341->1346 1347 652e42e-652e44f 1341->1347 1344->1341 1350 652e4b9-652e4bc 1345->1350 1351 652e465-652e468 1346->1351 1352 652e459-652e460 1346->1352 1347->1346 1356 652e4c8-652e4cb 1350->1356 1357 652e4be-652e4c5 1350->1357 1353 652e46a-652e483 call 6521b64 1351->1353 1354 652e488-652e48b 1351->1354 1352->1351 1353->1354 1360 652e4a8-652e4ab 1354->1360 1361 652e48d-652e4a3 1354->1361 1358 652e4e1-652e4e4 1356->1358 1359 652e4cd-652e4d6 1356->1359 1365 652e4e6-652e502 1358->1365 1366 652e507-652e50a 1358->1366 1359->1347 1377 652e4dc 1359->1377 1360->1345 1360->1350 1361->1360 1365->1366 1372 652e525-652e528 1366->1372 1373 652e50c-652e520 1366->1373 1375 652e545-652e548 1372->1375 1376 652e52a-652e540 1372->1376 1373->1372 1383 652e552-652e555 1375->1383 1384 652e54a-652e54f 1375->1384 1376->1375 1377->1358 1387 652e7d8-652e7ea 1380->1387 1381->1387 1389 652e557-652e55e 1383->1389 1390 652e569-652e56c 1383->1390 1384->1383 1409 652e7fc 1387->1409 1410 652e7ec-652e7fa 1387->1410 1389->1339 1393 652e564 1389->1393 1394 652e5bb-652e5be 1390->1394 1395 652e56e-652e5b6 1390->1395 1393->1390 1399 652e5c0-652e5d1 1394->1399 1400 652e5d6-652e5d9 1394->1400 1395->1394 1399->1400 1401 652e5f0-652e5f3 1400->1401 1402 652e5db-652e5eb 1400->1402 1404 652e617-652e61a 1401->1404 1405 652e5f5-652e612 1401->1405 1402->1401 1411 652e632-652e635 1404->1411 1412 652e61c-652e62d 1404->1412 1405->1404 1420 652e804-652e844 1409->1420 1410->1420 1415 652e671-652e674 1411->1415 1416 652e637-652e66c 1411->1416 1412->1411 1421 652e676-652e683 1415->1421 1422 652e688-652e68b 1415->1422 1416->1415 1440 652e84c-652e87f 1420->1440 1421->1422 1422->1337 1423 652e691-652e693 1422->1423 1425 652e695 1423->1425 1426 652e69a-652e69d 1423->1426 1425->1426 1426->1328 1430 652e6a3-652e6b2 1426->1430 1435 652e6b8-652e768 call 6521b64 1430->1435 1436 652e76e-652e783 1430->1436 1435->1436 1436->1339 1450 652e881-652e886 1440->1450 1451 652e88c 1440->1451 1450->1451 1453 652e88d 1451->1453 1453->1453
                                              APIs
                                              • GlobalMemoryStatusEx.KERNELBASE ref: 0652E2F7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3234926050.0000000006520000.00000040.00000800.00020000.00000000.sdmp, Offset: 06520000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6520000_jsc.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID: Te]q
                                              • API String ID: 1890195054-52440209
                                              • Opcode ID: 32570a6cb17b0469a4b1ddfc730d8a31fd03e14ff7b6193b1ba7eb34b7d66b44
                                              • Instruction ID: 9299c85bde5f8ec980402b5998d65852347548d41f3cd06537f50f292af79b09
                                              • Opcode Fuzzy Hash: 32570a6cb17b0469a4b1ddfc730d8a31fd03e14ff7b6193b1ba7eb34b7d66b44
                                              • Instruction Fuzzy Hash: 4C51D031E102659FDF20CB68D845BAD77A1FB8A310F248429E409EB391CA79AC46CFD1
                                              Function 01764804 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2341 1764804-176489c 2345 17648e6-17648e8 2341->2345 2346 176489e-17648a9 2341->2346 2348 17648ea-1764902 2345->2348 2346->2345 2347 17648ab-17648b7 2346->2347 2349 17648da-17648e4 2347->2349 2350 17648b9-17648c3 2347->2350 2354 1764904-176490f 2348->2354 2355 176494c-176494e 2348->2355 2349->2348 2351 17648c7-17648d6 2350->2351 2352 17648c5 2350->2352 2351->2351 2356 17648d8 2351->2356 2352->2351 2354->2355 2357 1764911-176491d 2354->2357 2358 1764950-1764962 2355->2358 2356->2349 2359 1764940-176494a 2357->2359 2360 176491f-1764929 2357->2360 2365 1764969-1764995 2358->2365 2359->2358 2361 176492d-176493c 2360->2361 2362 176492b 2360->2362 2361->2361 2364 176493e 2361->2364 2362->2361 2364->2359 2366 176499b-17649a9 2365->2366 2367 17649b2-1764a0f 2366->2367 2368 17649ab-17649b1 2366->2368 2375 1764a11-1764a15 2367->2375 2376 1764a1f-1764a23 2367->2376 2368->2367 2375->2376 2379 1764a17-1764a1a call 1760ab8 2375->2379 2377 1764a25-1764a29 2376->2377 2378 1764a33-1764a37 2376->2378 2377->2378 2380 1764a2b-1764a2e call 1760ab8 2377->2380 2381 1764a47-1764a4b 2378->2381 2382 1764a39-1764a3d 2378->2382 2379->2376 2380->2378 2386 1764a4d-1764a51 2381->2386 2387 1764a5b 2381->2387 2382->2381 2385 1764a3f 2382->2385 2385->2381 2386->2387 2388 1764a53 2386->2388 2389 1764a5c 2387->2389 2388->2387 2389->2389
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \Vl$\Vl
                                              • API String ID: 0-415357090
                                              • Opcode ID: 96e02fe2b9bc55a0ace665ad0a76dcb5d6b6d4f62a2f173d76dfe227c1a26443
                                              • Instruction ID: f1ad64567f5b9871263ce95f909255d717e4c36a53fbab8c15349c6320d76ca3
                                              • Opcode Fuzzy Hash: 96e02fe2b9bc55a0ace665ad0a76dcb5d6b6d4f62a2f173d76dfe227c1a26443
                                              • Instruction Fuzzy Hash: 2F718AB0E00209DFDB10DFA9C98579EFBF6AF48314F148129E81AA7254EB749846CB95
                                              Function 01764810 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2390 1764810-176489c 2393 17648e6-17648e8 2390->2393 2394 176489e-17648a9 2390->2394 2396 17648ea-1764902 2393->2396 2394->2393 2395 17648ab-17648b7 2394->2395 2397 17648da-17648e4 2395->2397 2398 17648b9-17648c3 2395->2398 2402 1764904-176490f 2396->2402 2403 176494c-176494e 2396->2403 2397->2396 2399 17648c7-17648d6 2398->2399 2400 17648c5 2398->2400 2399->2399 2404 17648d8 2399->2404 2400->2399 2402->2403 2405 1764911-176491d 2402->2405 2406 1764950-1764995 2403->2406 2404->2397 2407 1764940-176494a 2405->2407 2408 176491f-1764929 2405->2408 2414 176499b-17649a9 2406->2414 2407->2406 2409 176492d-176493c 2408->2409 2410 176492b 2408->2410 2409->2409 2412 176493e 2409->2412 2410->2409 2412->2407 2415 17649b2-1764a0f 2414->2415 2416 17649ab-17649b1 2414->2416 2423 1764a11-1764a15 2415->2423 2424 1764a1f-1764a23 2415->2424 2416->2415 2423->2424 2427 1764a17-1764a1a call 1760ab8 2423->2427 2425 1764a25-1764a29 2424->2425 2426 1764a33-1764a37 2424->2426 2425->2426 2428 1764a2b-1764a2e call 1760ab8 2425->2428 2429 1764a47-1764a4b 2426->2429 2430 1764a39-1764a3d 2426->2430 2427->2424 2428->2426 2434 1764a4d-1764a51 2429->2434 2435 1764a5b 2429->2435 2430->2429 2433 1764a3f 2430->2433 2433->2429 2434->2435 2436 1764a53 2434->2436 2437 1764a5c 2435->2437 2436->2435 2437->2437
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \Vl$\Vl
                                              • API String ID: 0-415357090
                                              • Opcode ID: 08751ed3df53a0bbe39cb033818033bbeffaf4f5344decfcf7ac2f56592da77b
                                              • Instruction ID: 2bbdedbe2510f01cd390900b1b3711f968445fad34a647997cce437f119398ce
                                              • Opcode Fuzzy Hash: 08751ed3df53a0bbe39cb033818033bbeffaf4f5344decfcf7ac2f56592da77b
                                              • Instruction Fuzzy Hash: 1E719CB0E00209DFDF14DFA9C88579EFBF6BF88314F148129E81AA7254EB749845CB85
                                              Function 01766ED7 Relevance: 2.6, Strings: 2, Instructions: 143COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2506 1766ed7-1766f42 call 1766c40 2515 1766f44-1766f5d call 1766774 2506->2515 2516 1766f5e-1766f8c 2506->2516 2520 1766f8e-1766f91 2516->2520 2522 1766f93 call 1767908 2520->2522 2523 1766fa1-1766fa4 2520->2523 2528 1766f99-1766f9c 2522->2528 2524 1766fa6-1766fba 2523->2524 2525 1766fd7-1766fda 2523->2525 2534 1766fc0 2524->2534 2535 1766fbc-1766fbe 2524->2535 2526 1766fee-1766ff1 2525->2526 2527 1766fdc-1766fe3 2525->2527 2531 1766ff3-1767028 2526->2531 2532 176702d-176702f 2526->2532 2529 17670eb-17670f1 2527->2529 2530 1766fe9 2527->2530 2528->2523 2530->2526 2531->2532 2536 1767036-1767039 2532->2536 2537 1767031 2532->2537 2538 1766fc3-1766fd2 2534->2538 2535->2538 2536->2520 2539 176703f-176704e 2536->2539 2537->2536 2538->2525 2542 1767050-1767053 2539->2542 2543 1767078-176708d 2539->2543 2545 176705b-1767076 2542->2545 2543->2529 2545->2542 2545->2543
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LR]q$LR]q
                                              • API String ID: 0-3917262905
                                              • Opcode ID: fdd2e02176bd4ca47adecdacda033c2062bddf8e5c20c652f56446d68a90c94c
                                              • Instruction ID: f1382799294e58801e5c5d6cc90a766a34e9de107549f989abf105d53b82b9b3
                                              • Opcode Fuzzy Hash: fdd2e02176bd4ca47adecdacda033c2062bddf8e5c20c652f56446d68a90c94c
                                              • Instruction Fuzzy Hash: 3251E130E10209DFDB19DF78C4547AEB7B6EF85304F60852AE806EB291DB719C46CB91
                                              Function 0652E290 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                              Download Yara Rule
                                              APIs
                                              • GlobalMemoryStatusEx.KERNELBASE ref: 0652E2F7
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3234926050.0000000006520000.00000040.00000800.00020000.00000000.sdmp, Offset: 06520000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_6520000_jsc.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID:
                                              • API String ID: 1890195054-0
                                              • Opcode ID: 49ca5a763c7a5665eaca011cde303ea9f17f535b9746719c1badf50fc49456e1
                                              • Instruction ID: cdb2b58770e362f04cff914b47e352561bc79a286482478a52ce34da1cad5e2d
                                              • Opcode Fuzzy Hash: 49ca5a763c7a5665eaca011cde303ea9f17f535b9746719c1badf50fc49456e1
                                              • Instruction Fuzzy Hash: 841112B1C0066A9BCB10DF9AD544B9EFBF4FF49320F14812AD918A7240D378A944CFE5
                                              Function 01763E74 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \Vl
                                              • API String ID: 0-682378881
                                              • Opcode ID: 0fba1623c3c907ab78f7ab52fdb8a353c62e81a850d7de51a0320961704556bd
                                              • Instruction ID: 8224dded00359b849c3861a71c20538afd29d42f28fde8a335e35cd6c6a20591
                                              • Opcode Fuzzy Hash: 0fba1623c3c907ab78f7ab52fdb8a353c62e81a850d7de51a0320961704556bd
                                              • Instruction Fuzzy Hash: 33916B70E00209DFDB14CFA8C9857DDFBF6BF88304F148129E819A7254EB749886CB81
                                              Function 0176F2CD Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PH]q
                                              • API String ID: 0-3168235125
                                              • Opcode ID: ad9eea2972b3d93eaadcc0b8a71c95983472a0e7fa5b9a7612c8eea66a834400
                                              • Instruction ID: ee678641d910ec117823314eb236c5115cc52512fda51f42475797b98f318606
                                              • Opcode Fuzzy Hash: ad9eea2972b3d93eaadcc0b8a71c95983472a0e7fa5b9a7612c8eea66a834400
                                              • Instruction Fuzzy Hash: 42410230B002018FDB259B38E56466EBBEBEF85250F148578D806DB395DE39DC06CBA5
                                              Function 01766F78 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LR]q
                                              • API String ID: 0-3081347316
                                              • Opcode ID: 2ae509f17fdd90f08fd68104495cd79ff460e73187ccb16ebf09c7eeb85a3605
                                              • Instruction ID: 1c8cf71aa3654df439a650f5bd6ca36a77d86897f3cd9e96138d1e31a7bbffb7
                                              • Opcode Fuzzy Hash: 2ae509f17fdd90f08fd68104495cd79ff460e73187ccb16ebf09c7eeb85a3605
                                              • Instruction Fuzzy Hash: 97316F34E10209DBDB19CF68D44079EF7B6EF89354F60852AE905FB241EB71A842CB51
                                              Function 01766B90 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LR]q
                                              • API String ID: 0-3081347316
                                              • Opcode ID: 9d0ec15b46375fe97a6c67bbc528911ab245071d5d9311f88e5e803ba1f0b960
                                              • Instruction ID: ef64471c4e11956a02c20bf71fd0950aaf3739d3c4216ef5354ed2b45e9e44f7
                                              • Opcode Fuzzy Hash: 9d0ec15b46375fe97a6c67bbc528911ab245071d5d9311f88e5e803ba1f0b960
                                              • Instruction Fuzzy Hash: E32105316192918FC712EF7CD4A479EBFB6EF96200F0448AED049CB29ADA359C49C791
                                              Function 01767908 Relevance: .6, Instructions: 554COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: db16fe82026267608c89feab5c0d30e46d14b99579bd83c7c3d889b420292e8d
                                              • Instruction ID: f439bed179919b265722d209be601a58986a4dc4171d4310b420079ca4cb464c
                                              • Opcode Fuzzy Hash: db16fe82026267608c89feab5c0d30e46d14b99579bd83c7c3d889b420292e8d
                                              • Instruction Fuzzy Hash: 2E121E30720211DFCB1AAB3CE558628B7ABFBC9245B504939E405CB369DF75DC878BA1
                                              Function 01769364 Relevance: .4, Instructions: 378COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bf9e197c95d1ca769dda0ae86312d7b143fc698db819c8d91978b6307f3150d9
                                              • Instruction ID: 9d174ffedf174231d078cf081825c01eda0dcb714d1506fce78d5dd401815c80
                                              • Opcode Fuzzy Hash: bf9e197c95d1ca769dda0ae86312d7b143fc698db819c8d91978b6307f3150d9
                                              • Instruction Fuzzy Hash: DED17D34B002058FDB15DF68D584AAEBBB6FF89314F24846AEA06DB395DB34DC42CB41
                                              Function 017696E0 Relevance: .4, Instructions: 353COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 54561fd65dabe122bc1e4513e238f239770f242505f2b5792a0f5814b4e4f44d
                                              • Instruction ID: d84bdb2f6f0175f2e91b15d6c6b46f5037a5488795c7085eea8a133c5c8c82e6
                                              • Opcode Fuzzy Hash: 54561fd65dabe122bc1e4513e238f239770f242505f2b5792a0f5814b4e4f44d
                                              • Instruction Fuzzy Hash: BFC1AF30B002068FDB15CF68D9847AEFBB6FB84314F20856AEA09DB395DB74D945CB91
                                              Function 01764A8C Relevance: .3, Instructions: 263COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4e4f3d59f9ed9badc847bcf70e60de9a3d248113cefd4fb785b7edd96ebd604c
                                              • Instruction ID: 7543148b45012e2eab52ecd9a17344557944ae52b77fafdf2938b94bd3ceaa91
                                              • Opcode Fuzzy Hash: 4e4f3d59f9ed9badc847bcf70e60de9a3d248113cefd4fb785b7edd96ebd604c
                                              • Instruction Fuzzy Hash: 2DA14A70E00209DFDB10CFA9D9857ADFBF5AF88314F188529D91AA7354EB749885CB81
                                              Function 01766CDD Relevance: .1, Instructions: 133COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2afe5f0401fbdf92d90c6230459ed84a0833f4d3e4e8961a20103050c6c7bb71
                                              • Instruction ID: 307af85c61170ca68ec540871e2649df08af07fdbdfe67aa24b04102a7ac3d25
                                              • Opcode Fuzzy Hash: 2afe5f0401fbdf92d90c6230459ed84a0833f4d3e4e8961a20103050c6c7bb71
                                              • Instruction Fuzzy Hash: BE510270D002188FDB18CFA9C884BADFBB5BF48714F548129E819BB395D774A885CF95
                                              Function 01766CE8 Relevance: .1, Instructions: 132COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e927c68c0d4a41b98fea91eaadcbf925d74014bc60bbd9f8d98b93fda37283a4
                                              • Instruction ID: 2e5989eab8a66414704bd93801f1ebec688cccb8b009ef7a1668b906890aa0c7
                                              • Opcode Fuzzy Hash: e927c68c0d4a41b98fea91eaadcbf925d74014bc60bbd9f8d98b93fda37283a4
                                              • Instruction Fuzzy Hash: 77510370D002188FDB18CFA9C884B9DFBB5FF48714F548529E819BB391D774A885CB95
                                              Function 0176112A Relevance: .1, Instructions: 114COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: da269c146b002d63d183f9a21d2c937eb3ec4ccd0e1d6fa25cb89ae7a767f4d4
                                              • Instruction ID: 39e88bb84c71c65b116028a62b2cbca3b99b3ba7e4aa13a9e715e5badfb150d7
                                              • Opcode Fuzzy Hash: da269c146b002d63d183f9a21d2c937eb3ec4ccd0e1d6fa25cb89ae7a767f4d4
                                              • Instruction Fuzzy Hash: 5851EA78302141CFCB19DF2DF9889447F7AFBD639470081A9E0455B23ADB286D09DFA2
                                              Function 01761138 Relevance: .1, Instructions: 112COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 640c4d212cbb6650eb4a4a0a588ba76c2b64eb5673b258b0b843e457d29f9ab2
                                              • Instruction ID: fa7bdfa3fadbe398d18768868a3a3ffd5e0dd821672fa0d29f726be30a4ecd47
                                              • Opcode Fuzzy Hash: 640c4d212cbb6650eb4a4a0a588ba76c2b64eb5673b258b0b843e457d29f9ab2
                                              • Instruction Fuzzy Hash: 1451C878302141CFCB19DF2DF9889487F7AFBD979430081A9E0455B23ADB286D09DFA2
                                              Function 0176F190 Relevance: .1, Instructions: 96COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0bc1410318e6bd43d63791e262428912db1212d985367d11cc000deb17ca3bf5
                                              • Instruction ID: 46c0b528c4e4df5f7e33ad379ebe4210d60befaf08a743acab3edb8c87c2d030
                                              • Opcode Fuzzy Hash: 0bc1410318e6bd43d63791e262428912db1212d985367d11cc000deb17ca3bf5
                                              • Instruction Fuzzy Hash: C3316C79E142068BCB09CFA8E895A9EB7B6AF89300F10C529E805E7351DB30A842CF41
                                              Function 0176F1A0 Relevance: .1, Instructions: 91COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5ef60713ac3b701237e1723ff856e44a257dbd067ddb1b9110371f66e74763ec
                                              • Instruction ID: 156337a41637fe319d012c0b891c3c55b33b81682eae36e170f82b2f1b32295c
                                              • Opcode Fuzzy Hash: 5ef60713ac3b701237e1723ff856e44a257dbd067ddb1b9110371f66e74763ec
                                              • Instruction Fuzzy Hash: C2316F39A106058FCB19CFA9E494A9EF7B6FF89300F10C529E805E7350DB70AC46CB40
                                              Function 017626DE Relevance: .1, Instructions: 91COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ce1e7dfaa8d53d3a714a2d98b50e8dd2612ef04f13a86c64d4227f4ec98e3a78
                                              • Instruction ID: d393054a18a077e3d7c8639e1e6b69f5a6a88f1141b4d3e8a131f94d04d645a7
                                              • Opcode Fuzzy Hash: ce1e7dfaa8d53d3a714a2d98b50e8dd2612ef04f13a86c64d4227f4ec98e3a78
                                              • Instruction Fuzzy Hash: 7B41E0B4D00249DFDB14DFA9C984ADEBFB5FF48310F14842AE809AB254DB75A949CB90
                                              Function 017626E8 Relevance: .1, Instructions: 90COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2fea63ee24bf306a6119d5879e2682f0d643c81e15a82b15dd0317c3d84c25cd
                                              • Instruction ID: a26f9662864f6c185dd365fd3f9e89c895bddca99a1eef9b117e95b2042c619d
                                              • Opcode Fuzzy Hash: 2fea63ee24bf306a6119d5879e2682f0d643c81e15a82b15dd0317c3d84c25cd
                                              • Instruction Fuzzy Hash: 6A41EEB0D002499FDB14DFA9C884ADEBFB5FF48310F148429E909AB254DB75A945CB90
                                              Function 01769250 Relevance: .1, Instructions: 82COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 15278e8d6620a0f3791c2b6b7e30b262c52f7e94659980836b0fc1b363d75777
                                              • Instruction ID: 814924eaba115fec1397b06ca905d9f9022d7df7a7b60918337545f1fb458b63
                                              • Opcode Fuzzy Hash: 15278e8d6620a0f3791c2b6b7e30b262c52f7e94659980836b0fc1b363d75777
                                              • Instruction Fuzzy Hash: C631B171E002099FCB05CFA9D494A9EFBB6FF89304F14C619E905EB341DB709886CB91
                                              Function 01769260 Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e6ba0d0ef474b517f8c5e5f61a7b1fd7502b7b7e715620fc97202d99a0a9617b
                                              • Instruction ID: a3b3060d29237bf61455195eb2b241b5b5b5c2312ae89191eb7865975a5b6ea2
                                              • Opcode Fuzzy Hash: e6ba0d0ef474b517f8c5e5f61a7b1fd7502b7b7e715620fc97202d99a0a9617b
                                              • Instruction Fuzzy Hash: FD218231E0020A9FDF05CFA9D49469EFBB6FF89304F54C519E905EB241DB709886CB91
                                              Function 01769150 Relevance: .1, Instructions: 76COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 65b659148f983b582fd64309d859eb7c55632288934b64a65a70790171f42de4
                                              • Instruction ID: 488fdfe52ab67c07a7ef4727ea9997e5a4147316613b0f87fd615c8a5ce1bc95
                                              • Opcode Fuzzy Hash: 65b659148f983b582fd64309d859eb7c55632288934b64a65a70790171f42de4
                                              • Instruction Fuzzy Hash: D6218D31E04605CFCB19CFA8C844A9EF7B6AF89304F20861AED16A7341DB70A946CB51
                                              Function 0176169F Relevance: .1, Instructions: 74COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7bb2ff793f5bc14aef236eca4e77591931f21d36e1cb46a1e1fe24b2244aedf6
                                              • Instruction ID: 689b808ed33f3074eb5caa2544f02157ca5018b9070a89e9979553e6d8fb735b
                                              • Opcode Fuzzy Hash: 7bb2ff793f5bc14aef236eca4e77591931f21d36e1cb46a1e1fe24b2244aedf6
                                              • Instruction Fuzzy Hash: 0A214F787001014FDB26EB3CF88CB597B69EBC9355F504965D806CB26ADB2CDC45CBA2
                                              Function 0171D030 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233181346.000000000171D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0171D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_171d000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e9c32ea1f7b3d8e47105983c0aca5281c5ecf84f0125df352680981c4cb58201
                                              • Instruction ID: 2001e8b4f01af7a39f1e8a81d4a120f7a2f85c5329357c8a0dc2829e55d34cb4
                                              • Opcode Fuzzy Hash: e9c32ea1f7b3d8e47105983c0aca5281c5ecf84f0125df352680981c4cb58201
                                              • Instruction Fuzzy Hash: 85212271504204DFCB25DF9CD9C8B26FBA5FB88314F20C6ADD9090B25AC33AD846CA62
                                              Function 01761878 Relevance: .1, Instructions: 71COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8f293c5d94c7ee527eb5b8a918998fca4eed99ccc8d64e624723b455ae3aabc9
                                              • Instruction ID: c830dd799acdf91c78d279771332d408927be21802394897e664dbd3df577c02
                                              • Opcode Fuzzy Hash: 8f293c5d94c7ee527eb5b8a918998fca4eed99ccc8d64e624723b455ae3aabc9
                                              • Instruction Fuzzy Hash: 87217C30B00255CFDB25DB78C6597ADBBF9AB89340F5004A9D805EB254DB368D05DB61
                                              Function 01764F8A Relevance: .1, Instructions: 71COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 31775bd9f327ed25cab4d7cbd2358b0dfadfbb9bd960b60052efdcb601c93519
                                              • Instruction ID: c04642e17b086a2a60816bbddd27ef28f564930334ecbb6e463a4edb6ba2de0c
                                              • Opcode Fuzzy Hash: 31775bd9f327ed25cab4d7cbd2358b0dfadfbb9bd960b60052efdcb601c93519
                                              • Instruction Fuzzy Hash: A6214834B00104CFDB24DF78D558AADBBF5EB89340B2045A8E806EB365DB36DC05DBA1
                                              Function 01769160 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0c8bd21f7cf85e5fa6eddbcd69e9db4c267ea4988039259c1b715fe54e9ad59c
                                              • Instruction ID: 70ab5b7a8773e9d368f6e308057c898bf1c01696c91dae744cf4d2ffe20db046
                                              • Opcode Fuzzy Hash: 0c8bd21f7cf85e5fa6eddbcd69e9db4c267ea4988039259c1b715fe54e9ad59c
                                              • Instruction Fuzzy Hash: 36217F30E0460ADFCB19CFA5D85459EF7B6AF89304F20C52AED15BB340DB709946CB51
                                              Function 01761888 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d4c9c92eb588aad89d1e80884bf25a4f11e279c70ed6fae0e77069ed427a8ee9
                                              • Instruction ID: 3e6147466e1a5e3afd8d8439487f44cc8064a3a9116bacaf036def486d0ba3e2
                                              • Opcode Fuzzy Hash: d4c9c92eb588aad89d1e80884bf25a4f11e279c70ed6fae0e77069ed427a8ee9
                                              • Instruction Fuzzy Hash: 20216030B00245CFDB14EB78C5196ADB7F9EF89340F9004A9D905EB354DB358D04DBA1
                                              Function 017616B0 Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c1969c206c172de41e4648ee8ebf298c0a3fdcc2860f55101156e49b517f12be
                                              • Instruction ID: d99c5688f854df13f93060c9c5f106f0f37795edb85a8621bf6e55a500337cb3
                                              • Opcode Fuzzy Hash: c1969c206c172de41e4648ee8ebf298c0a3fdcc2860f55101156e49b517f12be
                                              • Instruction Fuzzy Hash: 10214F787101014FDB25EB2CF88CB59B76EEBC8354F504925D806C7266DB2CDC45CB91
                                              Function 01761382 Relevance: .1, Instructions: 68COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f351dee141a3f74425835b1d141de47e3f7aee0b683738778685b00e9be09906
                                              • Instruction ID: dfd2cae286a2af99663367286e3918db24facde9c672bb2ea367abcc46d73ba5
                                              • Opcode Fuzzy Hash: f351dee141a3f74425835b1d141de47e3f7aee0b683738778685b00e9be09906
                                              • Instruction Fuzzy Hash: 66217F70B102418FDB3AA72CE59C328BF69E78A315F500869D807C73C5DB69CC84CB92
                                              Function 01764F98 Relevance: .1, Instructions: 68COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f03b530f36ff88e4e80a975a3662955b4228f8abd8dc48638a4885c3daa5ce95
                                              • Instruction ID: 35d39a8ba8b2a2db22a5d691c0d12e98fc0c1fd09dfbd74c64a4e8492f9a098e
                                              • Opcode Fuzzy Hash: f03b530f36ff88e4e80a975a3662955b4228f8abd8dc48638a4885c3daa5ce95
                                              • Instruction Fuzzy Hash: E1211634700205CFDB24DF79D558AADBBF5EB89350B1044A8E806EB3A5DB36DD01DBA1
                                              Function 01760848 Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 45db5395ec1c5bda1c894401d214e282864de135ec94b858bb9ec33fb0c5ee6b
                                              • Instruction ID: 64984754fec311216b55cdd0ce5157308f747e7c41839f324e811edb49c0bdd8
                                              • Opcode Fuzzy Hash: 45db5395ec1c5bda1c894401d214e282864de135ec94b858bb9ec33fb0c5ee6b
                                              • Instruction Fuzzy Hash: 3F119130B802058FDF66DB7DD44872EB6AEEB85250F104979F806CB292DA69CC858BD1
                                              Function 01760838 Relevance: .1, Instructions: 60COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a71a7b544a7ddd1f0e0acbffc40cde662389453cfee80db74264325e7945153c
                                              • Instruction ID: afc026082ceadaf479dde4a984cdeafa455b2f17d5cbd45f769c62db763953ac
                                              • Opcode Fuzzy Hash: a71a7b544a7ddd1f0e0acbffc40cde662389453cfee80db74264325e7945153c
                                              • Instruction Fuzzy Hash: C111A330B403065BEF26DA7DD40436DF65DEB46250F144979FC06CB282DA69CD454BD1
                                              Function 01761488 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e8766b2e7ee8f80877155b5a3138928418a465b65b92e33d62ea892712690ebe
                                              • Instruction ID: bf9c0b1efa2155be3664fc4ac5ab9be5f1661d5946a74237c4788e47613d3176
                                              • Opcode Fuzzy Hash: e8766b2e7ee8f80877155b5a3138928418a465b65b92e33d62ea892712690ebe
                                              • Instruction Fuzzy Hash: 55117071E002158FCF26EFB884486AEFBB9AF98210B650479EC05E7306E635D9418B91
                                              Function 017617C2 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0363572e9405f941171a2e8d7b373fbcc016171a4cbc4076cfe4555b0a1c01d1
                                              • Instruction ID: 44b4248eafe456786ba4688128935795dc9e71b5e0b8f708aa83d3fd2bc980a3
                                              • Opcode Fuzzy Hash: 0363572e9405f941171a2e8d7b373fbcc016171a4cbc4076cfe4555b0a1c01d1
                                              • Instruction Fuzzy Hash: A811C275B002119FCB10ABB9A84865EBFE9EBCD750F104465E909D3344EA389D4187A2
                                              Function 0171D02B Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233181346.000000000171D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0171D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_171d000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction ID: a44ab25e6cce57fb374d85f7fd9fb37c04b16543262247654d0cc523699510c7
                                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                              • Instruction Fuzzy Hash: 2211BE75504284CFDB22CF58D5C4B15FF61FB84314F24C6AAD8494B656C33AD44ACF62
                                              Function 01761498 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a829431d5dbf6498b902aad1572b567e848f3fb30bed9f86b5c25b89c4050839
                                              • Instruction ID: 0beb36a75b1ee1bded28451329b7dffd66439b23b6cfdcd22c4f9220deae04c6
                                              • Opcode Fuzzy Hash: a829431d5dbf6498b902aad1572b567e848f3fb30bed9f86b5c25b89c4050839
                                              • Instruction Fuzzy Hash: 9E014431A002159FCB26EFB8845859EFBF9EF98210F650479EC05E7305E775D9418B91
                                              Function 017680F1 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2604f452497d2be3da0078e0920c825a400ae42b3f85ebe86fa08bd7e747f4b6
                                              • Instruction ID: e6ccb32d93c6559dfe112aa4fcdf430227290d81688098035f8d3cab9062a673
                                              • Opcode Fuzzy Hash: 2604f452497d2be3da0078e0920c825a400ae42b3f85ebe86fa08bd7e747f4b6
                                              • Instruction Fuzzy Hash: 5B018430A40209DFCB05EFBCF98594C7BF9EF85344B5041B8C4049B265DB346E49CB51
                                              Function 01767090 Relevance: .0, Instructions: 34COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e5f090ede702b69a08303168e9f21fb1a5f532f1b6badc9a25e7429a1ca8b326
                                              • Instruction ID: 26e0b58864860093c27700217a68ef120a7aaaf69d8407dbf1771a5793fc8e94
                                              • Opcode Fuzzy Hash: e5f090ede702b69a08303168e9f21fb1a5f532f1b6badc9a25e7429a1ca8b326
                                              • Instruction Fuzzy Hash: 0DF0C439B10218CFC718EB68D598A6DB7B2EF88359F1140A8E5069B3A4CB35AD42CF51
                                              Function 01768100 Relevance: .0, Instructions: 33COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.3233316902.0000000001760000.00000040.00000800.00020000.00000000.sdmp, Offset: 01760000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_1760000_jsc.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 265f8def5efd498fe95a26b04029526e88324a3939270600472f28ee350580bf
                                              • Instruction ID: c56b8601801a753fceaf7add6fb4cf967fd16de0e427304461ec3c481a9fbf23
                                              • Opcode Fuzzy Hash: 265f8def5efd498fe95a26b04029526e88324a3939270600472f28ee350580bf
                                              • Instruction Fuzzy Hash: DDF01D34A40109DFCB05EFBCF98999D7BBAEF84244F504278C4089B254DB356E49CB91